aws-sdk-cognitoidentityprovider 1.65.0 → 1.68.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cognitoidentityprovider/client.rb +534 -249
- data/lib/aws-sdk-cognitoidentityprovider/client_api.rb +44 -0
- data/lib/aws-sdk-cognitoidentityprovider/errors.rb +16 -0
- data/lib/aws-sdk-cognitoidentityprovider/types.rb +857 -379
- data/lib/aws-sdk-cognitoidentityprovider.rb +1 -1
- metadata +2 -2
@@ -52,7 +52,7 @@ module Aws::CognitoIdentityProvider
|
|
52
52
|
#
|
53
53
|
# @!attribute [rw] event_action
|
54
54
|
# The action to take in response to the account takeover action. Valid
|
55
|
-
# values are:
|
55
|
+
# values are as follows:
|
56
56
|
#
|
57
57
|
# * `BLOCK` Choosing this action will block the request.
|
58
58
|
#
|
@@ -354,11 +354,11 @@ module Aws::CognitoIdentityProvider
|
|
354
354
|
# @return [Boolean]
|
355
355
|
#
|
356
356
|
# @!attribute [rw] unused_account_validity_days
|
357
|
-
# The user account expiration limit, in days, after which
|
358
|
-
# is no longer usable. To reset the
|
359
|
-
#
|
360
|
-
# `MessageAction` parameter. The
|
361
|
-
# 7.
|
357
|
+
# The user account expiration limit, in days, after which a new
|
358
|
+
# account that hasn't signed in is no longer usable. To reset the
|
359
|
+
# account after that time limit, you must call `AdminCreateUser`
|
360
|
+
# again, specifying `"RESEND"` for the `MessageAction` parameter. The
|
361
|
+
# default value for this parameter is 7.
|
362
362
|
#
|
363
363
|
# <note markdown="1"> If you set a value for `TemporaryPasswordValidityDays` in
|
364
364
|
# `PasswordPolicy`, that value will be used, and
|
@@ -1127,9 +1127,11 @@ module Aws::CognitoIdentityProvider
|
|
1127
1127
|
# @return [Types::AnalyticsMetadataType]
|
1128
1128
|
#
|
1129
1129
|
# @!attribute [rw] context_data
|
1130
|
-
# Contextual data such as the
|
1131
|
-
#
|
1132
|
-
#
|
1130
|
+
# Contextual data about your user session, such as the device
|
1131
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
1132
|
+
# security evaluates the risk of an authentication event based on the
|
1133
|
+
# context that your app generates and passes to Amazon Cognito when it
|
1134
|
+
# makes API requests.
|
1133
1135
|
# @return [Types::ContextDataType]
|
1134
1136
|
#
|
1135
1137
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminInitiateAuthRequest AWS API Documentation
|
@@ -1185,9 +1187,21 @@ module Aws::CognitoIdentityProvider
|
|
1185
1187
|
# enabled to use this flow.
|
1186
1188
|
#
|
1187
1189
|
# * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
|
1188
|
-
# their passwords after successful first login.
|
1189
|
-
#
|
1190
|
-
#
|
1190
|
+
# their passwords after successful first login. Respond to this
|
1191
|
+
# challenge with `NEW_PASSWORD` and any required attributes that
|
1192
|
+
# Amazon Cognito returned in the `requiredAttributes` parameter. You
|
1193
|
+
# can also set values for attributes that aren't required by your
|
1194
|
+
# user pool and that your app client can write. For more
|
1195
|
+
# information, see [AdminRespondToAuthChallenge][1].
|
1196
|
+
#
|
1197
|
+
# <note markdown="1"> In a `NEW_PASSWORD_REQUIRED` challenge response, you can't modify
|
1198
|
+
# a required attribute that already has a value. In
|
1199
|
+
# `AdminRespondToAuthChallenge`, set a value for any keys that
|
1200
|
+
# Amazon Cognito returned in the `requiredAttributes` parameter,
|
1201
|
+
# then use the `AdminUpdateUserAttributes` API operation to modify
|
1202
|
+
# the value of any additional attributes.
|
1203
|
+
#
|
1204
|
+
# </note>
|
1191
1205
|
#
|
1192
1206
|
# * `MFA_SETUP`\: For users who are required to set up an MFA factor
|
1193
1207
|
# before they can sign in. The MFA types activated for the user pool
|
@@ -1200,6 +1214,10 @@ module Aws::CognitoIdentityProvider
|
|
1200
1214
|
# complete sign-in. To set up SMS MFA, users will need help from an
|
1201
1215
|
# administrator to add a phone number to their account and then call
|
1202
1216
|
# `InitiateAuth` again to restart sign-in.
|
1217
|
+
#
|
1218
|
+
#
|
1219
|
+
#
|
1220
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html
|
1203
1221
|
# @return [String]
|
1204
1222
|
#
|
1205
1223
|
# @!attribute [rw] session
|
@@ -1267,12 +1285,11 @@ module Aws::CognitoIdentityProvider
|
|
1267
1285
|
#
|
1268
1286
|
# @!attribute [rw] destination_user
|
1269
1287
|
# The existing user in the user pool that you want to assign to the
|
1270
|
-
# external
|
1271
|
-
#
|
1272
|
-
#
|
1273
|
-
#
|
1274
|
-
#
|
1275
|
-
# attribute) signs in.
|
1288
|
+
# external IdP user account. This user can be a native (Username +
|
1289
|
+
# Password) Amazon Cognito user pools user or a federated user (for
|
1290
|
+
# example, a SAML or Facebook user). If the user doesn't exist,
|
1291
|
+
# Amazon Cognito generates an exception. Amazon Cognito returns this
|
1292
|
+
# user when the new user (with the linked IdP attribute) signs in.
|
1276
1293
|
#
|
1277
1294
|
# For a native username + password user, the `ProviderAttributeValue`
|
1278
1295
|
# for the `DestinationUser` should be the username in the user pool.
|
@@ -1289,30 +1306,29 @@ module Aws::CognitoIdentityProvider
|
|
1289
1306
|
# @return [Types::ProviderUserIdentifierType]
|
1290
1307
|
#
|
1291
1308
|
# @!attribute [rw] source_user
|
1292
|
-
# An external
|
1293
|
-
#
|
1294
|
-
#
|
1309
|
+
# An external IdP account for a user who doesn't exist yet in the
|
1310
|
+
# user pool. This user must be a federated user (for example, a SAML
|
1311
|
+
# or Facebook user), not another native user.
|
1295
1312
|
#
|
1296
|
-
# If the `SourceUser` is using a federated social
|
1297
|
-
#
|
1298
|
-
# `ProviderAttributeName` to `Cognito_Subject`. For social
|
1299
|
-
#
|
1300
|
-
#
|
1301
|
-
#
|
1302
|
-
#
|
1303
|
-
#
|
1304
|
-
#
|
1313
|
+
# If the `SourceUser` is using a federated social IdP, such as
|
1314
|
+
# Facebook, Google, or Login with Amazon, you must set the
|
1315
|
+
# `ProviderAttributeName` to `Cognito_Subject`. For social IdPs, the
|
1316
|
+
# `ProviderName` will be `Facebook`, `Google`, or `LoginWithAmazon`,
|
1317
|
+
# and Amazon Cognito will automatically parse the Facebook, Google,
|
1318
|
+
# and Login with Amazon tokens for `id`, `sub`, and `user_id`,
|
1319
|
+
# respectively. The `ProviderAttributeValue` for the user must be the
|
1320
|
+
# same value as the `id`, `sub`, or `user_id` value found in the
|
1321
|
+
# social IdP token.
|
1305
1322
|
#
|
1306
1323
|
#
|
1307
1324
|
#
|
1308
1325
|
# For SAML, the `ProviderAttributeName` can be any value that matches
|
1309
1326
|
# a claim in the SAML assertion. If you want to link SAML users based
|
1310
1327
|
# on the subject of the SAML assertion, you should map the subject to
|
1311
|
-
# a claim through the SAML
|
1312
|
-
#
|
1313
|
-
# `
|
1314
|
-
#
|
1315
|
-
# subject from the SAML token.
|
1328
|
+
# a claim through the SAML IdP and submit that claim name as the
|
1329
|
+
# `ProviderAttributeName`. If you set `ProviderAttributeName` to
|
1330
|
+
# `Cognito_Subject`, Amazon Cognito will automatically parse the
|
1331
|
+
# default unique identifier found in the subject from the SAML token.
|
1316
1332
|
# @return [Types::ProviderUserIdentifierType]
|
1317
1333
|
#
|
1318
1334
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminLinkProviderForUserRequest AWS API Documentation
|
@@ -1679,9 +1695,22 @@ module Aws::CognitoIdentityProvider
|
|
1679
1695
|
# * `ADMIN_NO_SRP_AUTH`\: `PASSWORD`, `USERNAME`, `SECRET_HASH` (if
|
1680
1696
|
# app client is configured with client secret).
|
1681
1697
|
#
|
1682
|
-
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`,
|
1683
|
-
#
|
1684
|
-
#
|
1698
|
+
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, `USERNAME`,
|
1699
|
+
# `SECRET_HASH` (if app client is configured with client secret). To
|
1700
|
+
# set any required attributes that Amazon Cognito returned as
|
1701
|
+
# `requiredAttributes` in the `AdminInitiateAuth` response, add a
|
1702
|
+
# `userAttributes.attributename ` parameter. This parameter can also
|
1703
|
+
# set values for writable attributes that aren't required by your
|
1704
|
+
# user pool.
|
1705
|
+
#
|
1706
|
+
# <note markdown="1"> In a `NEW_PASSWORD_REQUIRED` challenge response, you can't modify
|
1707
|
+
# a required attribute that already has a value. In
|
1708
|
+
# `AdminRespondToAuthChallenge`, set a value for any keys that
|
1709
|
+
# Amazon Cognito returned in the `requiredAttributes` parameter,
|
1710
|
+
# then use the `AdminUpdateUserAttributes` API operation to modify
|
1711
|
+
# the value of any additional attributes.
|
1712
|
+
#
|
1713
|
+
# </note>
|
1685
1714
|
#
|
1686
1715
|
# * `MFA_SETUP` requires `USERNAME`, plus you must use the session
|
1687
1716
|
# value returned by `VerifySoftwareToken` in the `Session`
|
@@ -1710,9 +1739,11 @@ module Aws::CognitoIdentityProvider
|
|
1710
1739
|
# @return [Types::AnalyticsMetadataType]
|
1711
1740
|
#
|
1712
1741
|
# @!attribute [rw] context_data
|
1713
|
-
# Contextual data such as the
|
1714
|
-
#
|
1715
|
-
#
|
1742
|
+
# Contextual data about your user session, such as the device
|
1743
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
1744
|
+
# security evaluates the risk of an authentication event based on the
|
1745
|
+
# context that your app generates and passes to Amazon Cognito when it
|
1746
|
+
# makes API requests.
|
1716
1747
|
# @return [Types::ContextDataType]
|
1717
1748
|
#
|
1718
1749
|
# @!attribute [rw] client_metadata
|
@@ -2089,6 +2120,22 @@ module Aws::CognitoIdentityProvider
|
|
2089
2120
|
#
|
2090
2121
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
2091
2122
|
# attribute name.
|
2123
|
+
#
|
2124
|
+
# If your user pool requires verification before Amazon Cognito
|
2125
|
+
# updates an attribute value that you specify in this request, Amazon
|
2126
|
+
# Cognito doesn’t immediately update the value of that attribute.
|
2127
|
+
# After your user receives and responds to a verification message to
|
2128
|
+
# verify the new value, Amazon Cognito updates the attribute value.
|
2129
|
+
# Your user can sign in and receive messages with the original
|
2130
|
+
# attribute value until they verify the new value.
|
2131
|
+
#
|
2132
|
+
# To update the value of an attribute that requires verification in
|
2133
|
+
# the same API request, include the `email_verified` or
|
2134
|
+
# `phone_number_verified` attribute, with a value of `true`. If you
|
2135
|
+
# set the `email_verified` or `phone_number_verified` value for an
|
2136
|
+
# `email` or `phone_number` attribute that requires verification to
|
2137
|
+
# `true`, Amazon Cognito doesn’t send a verification message to your
|
2138
|
+
# user.
|
2092
2139
|
# @return [Array<Types::AttributeType>]
|
2093
2140
|
#
|
2094
2141
|
# @!attribute [rw] client_metadata
|
@@ -2181,12 +2228,15 @@ module Aws::CognitoIdentityProvider
|
|
2181
2228
|
class AdminUserGlobalSignOutResponse < Aws::EmptyStructure; end
|
2182
2229
|
|
2183
2230
|
# This exception is thrown when a user tries to confirm the account with
|
2184
|
-
# an email or phone number that has already been supplied as an
|
2185
|
-
#
|
2186
|
-
# with this email or phone already exists
|
2231
|
+
# an email address or phone number that has already been supplied as an
|
2232
|
+
# alias for a different user profile. This exception indicates that an
|
2233
|
+
# account with this email address or phone already exists in a user pool
|
2234
|
+
# that you've configured to use email address or phone number as a
|
2235
|
+
# sign-in alias.
|
2187
2236
|
#
|
2188
2237
|
# @!attribute [rw] message
|
2189
|
-
# The message
|
2238
|
+
# The message that Amazon Cognito sends to the user when the value of
|
2239
|
+
# an alias attribute is already linked to another user profile.
|
2190
2240
|
# @return [String]
|
2191
2241
|
#
|
2192
2242
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AliasExistsException AWS API Documentation
|
@@ -2197,8 +2247,8 @@ module Aws::CognitoIdentityProvider
|
|
2197
2247
|
include Aws::Structure
|
2198
2248
|
end
|
2199
2249
|
|
2200
|
-
# The Amazon Pinpoint analytics configuration
|
2201
|
-
# a user pool.
|
2250
|
+
# The Amazon Pinpoint analytics configuration necessary to collect
|
2251
|
+
# metrics for a user pool.
|
2202
2252
|
#
|
2203
2253
|
# <note markdown="1"> In Regions where Amazon Pinpointisn't available, user pools only
|
2204
2254
|
# support sending events to Amazon Pinpoint projects in us-east-1. In
|
@@ -2226,7 +2276,7 @@ module Aws::CognitoIdentityProvider
|
|
2226
2276
|
# The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You
|
2227
2277
|
# can use the Amazon Pinpoint project to integrate with the chosen
|
2228
2278
|
# user pool Client. Amazon Cognito publishes events to the Amazon
|
2229
|
-
#
|
2279
|
+
# Pinpoint project that the app ARN declares.
|
2230
2280
|
# @return [String]
|
2231
2281
|
#
|
2232
2282
|
# @!attribute [rw] role_arn
|
@@ -2239,8 +2289,8 @@ module Aws::CognitoIdentityProvider
|
|
2239
2289
|
# @return [String]
|
2240
2290
|
#
|
2241
2291
|
# @!attribute [rw] user_data_shared
|
2242
|
-
# If `UserDataShared` is `true`, Amazon Cognito
|
2243
|
-
#
|
2292
|
+
# If `UserDataShared` is `true`, Amazon Cognito includes user data in
|
2293
|
+
# the events that it publishes to Amazon Pinpoint analytics.
|
2244
2294
|
# @return [Boolean]
|
2245
2295
|
#
|
2246
2296
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AnalyticsConfigurationType AWS API Documentation
|
@@ -2259,12 +2309,14 @@ module Aws::CognitoIdentityProvider
|
|
2259
2309
|
#
|
2260
2310
|
# An endpoint uniquely identifies a mobile device, email address, or
|
2261
2311
|
# phone number that can receive messages from Amazon Pinpoint analytics.
|
2312
|
+
# For more information about Amazon Web Services Regions that can
|
2313
|
+
# contain Amazon Pinpoint resources for use with Amazon Cognito user
|
2314
|
+
# pools, see [Using Amazon Pinpoint analytics with Amazon Cognito user
|
2315
|
+
# pools][1].
|
2262
2316
|
#
|
2263
|
-
# <note markdown="1"> Amazon Cognito user pools only support sending events to Amazon
|
2264
|
-
# Pinpoint projects in the US East (N. Virginia) us-east-1 Region,
|
2265
|
-
# regardless of the Region where the user pool resides.
|
2266
2317
|
#
|
2267
|
-
#
|
2318
|
+
#
|
2319
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html
|
2268
2320
|
#
|
2269
2321
|
# @note When making an API call, you may pass AnalyticsMetadataType
|
2270
2322
|
# data as a hash:
|
@@ -2294,7 +2346,8 @@ module Aws::CognitoIdentityProvider
|
|
2294
2346
|
# }
|
2295
2347
|
#
|
2296
2348
|
# @!attribute [rw] access_token
|
2297
|
-
#
|
2349
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
2350
|
+
# software token you want to generate.
|
2298
2351
|
# @return [String]
|
2299
2352
|
#
|
2300
2353
|
# @!attribute [rw] session
|
@@ -2313,8 +2366,8 @@ module Aws::CognitoIdentityProvider
|
|
2313
2366
|
end
|
2314
2367
|
|
2315
2368
|
# @!attribute [rw] secret_code
|
2316
|
-
# A unique generated shared secret code that is used in the
|
2317
|
-
#
|
2369
|
+
# A unique generated shared secret code that is used in the TOTP
|
2370
|
+
# algorithm to generate a one-time code.
|
2318
2371
|
# @return [String]
|
2319
2372
|
#
|
2320
2373
|
# @!attribute [rw] session
|
@@ -2414,7 +2467,8 @@ module Aws::CognitoIdentityProvider
|
|
2414
2467
|
# The authentication result.
|
2415
2468
|
#
|
2416
2469
|
# @!attribute [rw] access_token
|
2417
|
-
#
|
2470
|
+
# A valid access token that Amazon Cognito issued to the user who you
|
2471
|
+
# want to authenticate.
|
2418
2472
|
# @return [String]
|
2419
2473
|
#
|
2420
2474
|
# @!attribute [rw] expires_in
|
@@ -2489,7 +2543,8 @@ module Aws::CognitoIdentityProvider
|
|
2489
2543
|
# @return [String]
|
2490
2544
|
#
|
2491
2545
|
# @!attribute [rw] access_token
|
2492
|
-
#
|
2546
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
2547
|
+
# password you want to change.
|
2493
2548
|
# @return [String]
|
2494
2549
|
#
|
2495
2550
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ChangePasswordRequest AWS API Documentation
|
@@ -2508,18 +2563,21 @@ module Aws::CognitoIdentityProvider
|
|
2508
2563
|
#
|
2509
2564
|
class ChangePasswordResponse < Aws::EmptyStructure; end
|
2510
2565
|
|
2511
|
-
# The
|
2566
|
+
# The delivery details for an email or SMS message that Amazon Cognito
|
2567
|
+
# sent for authentication or verification.
|
2512
2568
|
#
|
2513
2569
|
# @!attribute [rw] destination
|
2514
|
-
# The
|
2570
|
+
# The email address or phone number destination where Amazon Cognito
|
2571
|
+
# sent the code.
|
2515
2572
|
# @return [String]
|
2516
2573
|
#
|
2517
2574
|
# @!attribute [rw] delivery_medium
|
2518
|
-
# The
|
2575
|
+
# The method that Amazon Cognito used to send the code.
|
2519
2576
|
# @return [String]
|
2520
2577
|
#
|
2521
2578
|
# @!attribute [rw] attribute_name
|
2522
|
-
# The attribute
|
2579
|
+
# The name of the attribute that Amazon Cognito verifies with the
|
2580
|
+
# code.
|
2523
2581
|
# @return [String]
|
2524
2582
|
#
|
2525
2583
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CodeDeliveryDetailsType AWS API Documentation
|
@@ -2645,7 +2703,8 @@ module Aws::CognitoIdentityProvider
|
|
2645
2703
|
# }
|
2646
2704
|
#
|
2647
2705
|
# @!attribute [rw] access_token
|
2648
|
-
#
|
2706
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
2707
|
+
# device you want to confirm.
|
2649
2708
|
# @return [String]
|
2650
2709
|
#
|
2651
2710
|
# @!attribute [rw] device_key
|
@@ -2701,6 +2760,7 @@ module Aws::CognitoIdentityProvider
|
|
2701
2760
|
# analytics_endpoint_id: "StringType",
|
2702
2761
|
# },
|
2703
2762
|
# user_context_data: {
|
2763
|
+
# ip_address: "StringType",
|
2704
2764
|
# encoded_data: "StringType",
|
2705
2765
|
# },
|
2706
2766
|
# client_metadata: {
|
@@ -2724,8 +2784,8 @@ module Aws::CognitoIdentityProvider
|
|
2724
2784
|
# @return [String]
|
2725
2785
|
#
|
2726
2786
|
# @!attribute [rw] confirmation_code
|
2727
|
-
# The confirmation code
|
2728
|
-
#
|
2787
|
+
# The confirmation code from your user's request to reset their
|
2788
|
+
# password. For more information, see [ForgotPassword][1].
|
2729
2789
|
#
|
2730
2790
|
#
|
2731
2791
|
#
|
@@ -2733,8 +2793,7 @@ module Aws::CognitoIdentityProvider
|
|
2733
2793
|
# @return [String]
|
2734
2794
|
#
|
2735
2795
|
# @!attribute [rw] password
|
2736
|
-
# The password
|
2737
|
-
# password.
|
2796
|
+
# The new password that your user wants to set.
|
2738
2797
|
# @return [String]
|
2739
2798
|
#
|
2740
2799
|
# @!attribute [rw] analytics_metadata
|
@@ -2743,9 +2802,11 @@ module Aws::CognitoIdentityProvider
|
|
2743
2802
|
# @return [Types::AnalyticsMetadataType]
|
2744
2803
|
#
|
2745
2804
|
# @!attribute [rw] user_context_data
|
2746
|
-
# Contextual data such as the
|
2747
|
-
#
|
2748
|
-
#
|
2805
|
+
# Contextual data about your user session, such as the device
|
2806
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
2807
|
+
# security evaluates the risk of an authentication event based on the
|
2808
|
+
# context that your app generates and passes to Amazon Cognito when it
|
2809
|
+
# makes API requests.
|
2749
2810
|
# @return [Types::UserContextDataType]
|
2750
2811
|
#
|
2751
2812
|
# @!attribute [rw] client_metadata
|
@@ -2823,6 +2884,7 @@ module Aws::CognitoIdentityProvider
|
|
2823
2884
|
# analytics_endpoint_id: "StringType",
|
2824
2885
|
# },
|
2825
2886
|
# user_context_data: {
|
2887
|
+
# ip_address: "StringType",
|
2826
2888
|
# encoded_data: "StringType",
|
2827
2889
|
# },
|
2828
2890
|
# client_metadata: {
|
@@ -2865,9 +2927,11 @@ module Aws::CognitoIdentityProvider
|
|
2865
2927
|
# @return [Types::AnalyticsMetadataType]
|
2866
2928
|
#
|
2867
2929
|
# @!attribute [rw] user_context_data
|
2868
|
-
# Contextual data such as the
|
2869
|
-
#
|
2870
|
-
#
|
2930
|
+
# Contextual data about your user session, such as the device
|
2931
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
2932
|
+
# security evaluates the risk of an authentication event based on the
|
2933
|
+
# context that your app generates and passes to Amazon Cognito when it
|
2934
|
+
# makes API requests.
|
2871
2935
|
# @return [Types::UserContextDataType]
|
2872
2936
|
#
|
2873
2937
|
# @!attribute [rw] client_metadata
|
@@ -2950,7 +3014,7 @@ module Aws::CognitoIdentityProvider
|
|
2950
3014
|
# }
|
2951
3015
|
#
|
2952
3016
|
# @!attribute [rw] ip_address
|
2953
|
-
#
|
3017
|
+
# The source IP address of your user's device.
|
2954
3018
|
# @return [String]
|
2955
3019
|
#
|
2956
3020
|
# @!attribute [rw] server_name
|
@@ -2966,8 +3030,14 @@ module Aws::CognitoIdentityProvider
|
|
2966
3030
|
# @return [Array<Types::HttpHeader>]
|
2967
3031
|
#
|
2968
3032
|
# @!attribute [rw] encoded_data
|
2969
|
-
# Encoded
|
2970
|
-
#
|
3033
|
+
# Encoded device-fingerprint details that your app collected with the
|
3034
|
+
# Amazon Cognito context data collection library. For more
|
3035
|
+
# information, see [Adding user device and session data to API
|
3036
|
+
# requests][1].
|
3037
|
+
#
|
3038
|
+
#
|
3039
|
+
#
|
3040
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
|
2971
3041
|
# @return [String]
|
2972
3042
|
#
|
2973
3043
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ContextDataType AWS API Documentation
|
@@ -3013,7 +3083,7 @@ module Aws::CognitoIdentityProvider
|
|
3013
3083
|
# A non-negative integer value that specifies the precedence of this
|
3014
3084
|
# group relative to the other groups that a user can belong to in the
|
3015
3085
|
# user pool. Zero is the highest precedence value. Groups with lower
|
3016
|
-
# `Precedence` values take precedence over groups with higher
|
3086
|
+
# `Precedence` values take precedence over groups with higher or null
|
3017
3087
|
# `Precedence` values. If a user belongs to two or more groups, it is
|
3018
3088
|
# the group with the lowest precedence value whose role ARN is given
|
3019
3089
|
# in the user's tokens for the `cognito:roles` and
|
@@ -3026,7 +3096,8 @@ module Aws::CognitoIdentityProvider
|
|
3026
3096
|
# group. If the two groups have different role ARNs, the
|
3027
3097
|
# `cognito:preferred_role` claim isn't set in users' tokens.
|
3028
3098
|
#
|
3029
|
-
# The default `Precedence` value is null.
|
3099
|
+
# The default `Precedence` value is null. The maximum `Precedence`
|
3100
|
+
# value is `2^31-1`.
|
3030
3101
|
# @return [Integer]
|
3031
3102
|
#
|
3032
3103
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateGroupRequest AWS API Documentation
|
@@ -3074,16 +3145,16 @@ module Aws::CognitoIdentityProvider
|
|
3074
3145
|
# @return [String]
|
3075
3146
|
#
|
3076
3147
|
# @!attribute [rw] provider_name
|
3077
|
-
# The
|
3148
|
+
# The IdP name.
|
3078
3149
|
# @return [String]
|
3079
3150
|
#
|
3080
3151
|
# @!attribute [rw] provider_type
|
3081
|
-
# The
|
3152
|
+
# The IdP type.
|
3082
3153
|
# @return [String]
|
3083
3154
|
#
|
3084
3155
|
# @!attribute [rw] provider_details
|
3085
|
-
# The
|
3086
|
-
#
|
3156
|
+
# The IdP details. The following list describes the provider detail
|
3157
|
+
# keys for each IdP type.
|
3087
3158
|
#
|
3088
3159
|
# * For Google and Login with Amazon:
|
3089
3160
|
#
|
@@ -3127,35 +3198,38 @@ module Aws::CognitoIdentityProvider
|
|
3127
3198
|
#
|
3128
3199
|
# * authorize\_scopes
|
3129
3200
|
#
|
3130
|
-
# *
|
3131
|
-
#
|
3201
|
+
# * The following keys are only present if Amazon Cognito didn't
|
3202
|
+
# discover them at the `oidc_issuer` URL.
|
3203
|
+
#
|
3204
|
+
# * authorize\_url
|
3205
|
+
#
|
3206
|
+
# * token\_url
|
3132
3207
|
#
|
3133
|
-
#
|
3134
|
-
# oidc\_issuer key*
|
3208
|
+
# * attributes\_url
|
3135
3209
|
#
|
3136
|
-
#
|
3137
|
-
# by oidc\_issuer key*
|
3210
|
+
# * jwks\_uri
|
3138
3211
|
#
|
3139
|
-
# *
|
3140
|
-
#
|
3212
|
+
# * Amazon Cognito sets the value of the following keys
|
3213
|
+
# automatically. They are read-only.
|
3141
3214
|
#
|
3142
|
-
#
|
3143
|
-
#
|
3215
|
+
# * attributes\_url\_add\_attributes
|
3216
|
+
#
|
3217
|
+
# ^
|
3144
3218
|
#
|
3145
3219
|
# * For SAML providers:
|
3146
3220
|
#
|
3147
|
-
# * MetadataFile
|
3221
|
+
# * MetadataFile or MetadataURL
|
3148
3222
|
#
|
3149
|
-
# * IDPSignout
|
3223
|
+
# * IDPSignout *optional*
|
3150
3224
|
# @return [Hash<String,String>]
|
3151
3225
|
#
|
3152
3226
|
# @!attribute [rw] attribute_mapping
|
3153
|
-
# A mapping of
|
3154
|
-
#
|
3227
|
+
# A mapping of IdP attributes to standard and custom user pool
|
3228
|
+
# attributes.
|
3155
3229
|
# @return [Hash<String,String>]
|
3156
3230
|
#
|
3157
3231
|
# @!attribute [rw] idp_identifiers
|
3158
|
-
# A list of
|
3232
|
+
# A list of IdP identifiers.
|
3159
3233
|
# @return [Array<String>]
|
3160
3234
|
#
|
3161
3235
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateIdentityProviderRequest AWS API Documentation
|
@@ -3172,7 +3246,7 @@ module Aws::CognitoIdentityProvider
|
|
3172
3246
|
end
|
3173
3247
|
|
3174
3248
|
# @!attribute [rw] identity_provider
|
3175
|
-
# The newly created
|
3249
|
+
# The newly created IdP object.
|
3176
3250
|
# @return [Types::IdentityProviderType]
|
3177
3251
|
#
|
3178
3252
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateIdentityProviderResponse AWS API Documentation
|
@@ -3326,6 +3400,7 @@ module Aws::CognitoIdentityProvider
|
|
3326
3400
|
# },
|
3327
3401
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
3328
3402
|
# enable_token_revocation: false,
|
3403
|
+
# enable_propagate_additional_user_context_data: false,
|
3329
3404
|
# }
|
3330
3405
|
#
|
3331
3406
|
# @!attribute [rw] user_pool_id
|
@@ -3343,26 +3418,53 @@ module Aws::CognitoIdentityProvider
|
|
3343
3418
|
# @return [Boolean]
|
3344
3419
|
#
|
3345
3420
|
# @!attribute [rw] refresh_token_validity
|
3346
|
-
# The time limit
|
3347
|
-
#
|
3421
|
+
# The refresh token time limit. After this limit expires, your user
|
3422
|
+
# can't use their refresh token. To specify the time unit for
|
3423
|
+
# `RefreshTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
3424
|
+
# set a `TokenValidityUnits` value in your API request.
|
3425
|
+
#
|
3426
|
+
# For example, when you set `RefreshTokenValidity` as `10` and
|
3427
|
+
# `TokenValidityUnits` as `days`, your user can refresh their session
|
3428
|
+
# and retrieve new access and ID tokens for 10 days.
|
3429
|
+
#
|
3430
|
+
# The default time unit for `RefreshTokenValidity` in an API request
|
3431
|
+
# is days. You can't set `RefreshTokenValidity` to 0. If you do,
|
3432
|
+
# Amazon Cognito overrides the value with the default value of 30
|
3433
|
+
# days. *Valid range* is displayed below in seconds.
|
3348
3434
|
# @return [Integer]
|
3349
3435
|
#
|
3350
3436
|
# @!attribute [rw] access_token_validity
|
3351
|
-
# The time limit
|
3352
|
-
#
|
3353
|
-
#
|
3437
|
+
# The access token time limit. After this limit expires, your user
|
3438
|
+
# can't use their access token. To specify the time unit for
|
3439
|
+
# `AccessTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
3440
|
+
# set a `TokenValidityUnits` value in your API request.
|
3441
|
+
#
|
3442
|
+
# For example, when you set `AccessTokenValidity` to `10` and
|
3443
|
+
# `TokenValidityUnits` to `hours`, your user can authorize access with
|
3444
|
+
# their access token for 10 hours.
|
3445
|
+
#
|
3446
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
3447
|
+
# hours. *Valid range* is displayed below in seconds.
|
3354
3448
|
# @return [Integer]
|
3355
3449
|
#
|
3356
3450
|
# @!attribute [rw] id_token_validity
|
3357
|
-
# The time limit
|
3358
|
-
#
|
3359
|
-
#
|
3451
|
+
# The ID token time limit. After this limit expires, your user can't
|
3452
|
+
# use their ID token. To specify the time unit for `IdTokenValidity`
|
3453
|
+
# as `seconds`, `minutes`, `hours`, or `days`, set a
|
3454
|
+
# `TokenValidityUnits` value in your API request.
|
3455
|
+
#
|
3456
|
+
# For example, when you set `IdTokenValidity` as `10` and
|
3457
|
+
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
3458
|
+
# session with their ID token for 10 hours.
|
3459
|
+
#
|
3460
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
3461
|
+
# hours. *Valid range* is displayed below in seconds.
|
3360
3462
|
# @return [Integer]
|
3361
3463
|
#
|
3362
3464
|
# @!attribute [rw] token_validity_units
|
3363
|
-
# The units in which the validity times are represented.
|
3364
|
-
# RefreshToken is days, and default for ID and access tokens
|
3365
|
-
# hours.
|
3465
|
+
# The units in which the validity times are represented. The default
|
3466
|
+
# unit for RefreshToken is days, and default for ID and access tokens
|
3467
|
+
# are hours.
|
3366
3468
|
# @return [Types::TokenValidityUnitsType]
|
3367
3469
|
#
|
3368
3470
|
# @!attribute [rw] read_attributes
|
@@ -3372,14 +3474,13 @@ module Aws::CognitoIdentityProvider
|
|
3372
3474
|
# @!attribute [rw] write_attributes
|
3373
3475
|
# The user pool attributes that the app client can write to.
|
3374
3476
|
#
|
3375
|
-
# If your app client allows users to sign in through an
|
3376
|
-
#
|
3377
|
-
#
|
3378
|
-
#
|
3379
|
-
#
|
3380
|
-
#
|
3381
|
-
#
|
3382
|
-
# Provider Attribute Mappings for Your user pool][1].
|
3477
|
+
# If your app client allows users to sign in through an IdP, this
|
3478
|
+
# array must include all attributes that you have mapped to IdP
|
3479
|
+
# attributes. Amazon Cognito updates mapped attributes when users sign
|
3480
|
+
# in to your application through an IdP. If your app client does not
|
3481
|
+
# have write access to a mapped attribute, Amazon Cognito throws an
|
3482
|
+
# error when it tries to update the attribute. For more information,
|
3483
|
+
# see [Specifying IdP Attribute Mappings for Your user pool][1].
|
3383
3484
|
#
|
3384
3485
|
#
|
3385
3486
|
#
|
@@ -3398,34 +3499,46 @@ module Aws::CognitoIdentityProvider
|
|
3398
3499
|
#
|
3399
3500
|
# Valid values include:
|
3400
3501
|
#
|
3401
|
-
#
|
3402
|
-
# password authentication flow `ADMIN_USER_PASSWORD_AUTH`. This
|
3403
|
-
# setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this
|
3404
|
-
# authentication flow, Amazon Cognito receives the password in the
|
3405
|
-
# request instead of using the Secure Remote Password (SRP) protocol
|
3406
|
-
# to verify passwords.
|
3502
|
+
# ALLOW\_ADMIN\_USER\_PASSWORD\_AUTH
|
3407
3503
|
#
|
3408
|
-
#
|
3504
|
+
# : Enable admin based user password authentication flow
|
3505
|
+
# `ADMIN_USER_PASSWORD_AUTH`. This setting replaces the
|
3506
|
+
# `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, Amazon
|
3507
|
+
# Cognito receives the password in the request instead of using the
|
3508
|
+
# Secure Remote Password (SRP) protocol to verify passwords.
|
3409
3509
|
#
|
3410
|
-
#
|
3411
|
-
# authentication. In this flow, Amazon Cognito receives the password
|
3412
|
-
# in the request instead of using the SRP protocol to verify
|
3413
|
-
# passwords.
|
3510
|
+
# ALLOW\_CUSTOM\_AUTH
|
3414
3511
|
#
|
3415
|
-
#
|
3512
|
+
# : Enable Lambda trigger based authentication.
|
3416
3513
|
#
|
3417
|
-
#
|
3514
|
+
# ALLOW\_USER\_PASSWORD\_AUTH
|
3515
|
+
#
|
3516
|
+
# : Enable user password-based authentication. In this flow, Amazon
|
3517
|
+
# Cognito receives the password in the request instead of using the
|
3518
|
+
# SRP protocol to verify passwords.
|
3519
|
+
#
|
3520
|
+
# ALLOW\_USER\_SRP\_AUTH
|
3521
|
+
#
|
3522
|
+
# : Enable SRP-based authentication.
|
3523
|
+
#
|
3524
|
+
# ALLOW\_REFRESH\_TOKEN\_AUTH
|
3525
|
+
#
|
3526
|
+
# : Enable the authflow that refreshes tokens.
|
3527
|
+
#
|
3528
|
+
# If you don't specify a value for `ExplicitAuthFlows`, your user
|
3529
|
+
# client supports `ALLOW_USER_SRP_AUTH` and `ALLOW_CUSTOM_AUTH`.
|
3418
3530
|
# @return [Array<String>]
|
3419
3531
|
#
|
3420
3532
|
# @!attribute [rw] supported_identity_providers
|
3421
|
-
# A list of provider names for the identity providers that are
|
3533
|
+
# A list of provider names for the identity providers (IdPs) that are
|
3422
3534
|
# supported on this client. The following are supported: `COGNITO`,
|
3423
|
-
# `Facebook`, `Google` and `LoginWithAmazon`.
|
3535
|
+
# `Facebook`, `Google`, `SignInWithApple`, and `LoginWithAmazon`. You
|
3536
|
+
# can also specify the names that you configured for the SAML and OIDC
|
3537
|
+
# IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP`.
|
3424
3538
|
# @return [Array<String>]
|
3425
3539
|
#
|
3426
3540
|
# @!attribute [rw] callback_urls
|
3427
|
-
# A list of allowed redirect (callback) URLs for the
|
3428
|
-
# providers.
|
3541
|
+
# A list of allowed redirect (callback) URLs for the IdPs.
|
3429
3542
|
#
|
3430
3543
|
# A redirect URI must:
|
3431
3544
|
#
|
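Review bot: The closing sentence of the `explicit_auth_flows` list (new lines 3528-3529) says "your user client supports", which reads like a slip for "app client". It also leaves unstated whether `ALLOW_REFRESH_TOKEN_AUTH` is in effect when the field is omitted. The two password flows in the same list are described as sending the password in the request instead of using SRP, so the default set is what a reader audits an app client against and should be exact. I would reword it to `# If you don't specify a value for ExplicitAuthFlows, your app client supports ALLOW_USER_SRP_AUTH and ALLOW_CUSTOM_AUTH.` and add one clause on the refresh-token flow once the service behaviour is confirmed. The attribute's doc block begins above this hunk.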
@@ -3448,7 +3561,7 @@ module Aws::CognitoIdentityProvider
|
|
3448
3561
|
# @return [Array<String>]
|
3449
3562
|
#
|
3450
3563
|
# @!attribute [rw] logout_urls
|
3451
|
-
# A list of allowed logout URLs for the
|
3564
|
+
# A list of allowed logout URLs for the IdPs.
|
3452
3565
|
# @return [Array<String>]
|
3453
3566
|
#
|
3454
3567
|
# @!attribute [rw] default_redirect_uri
|
@@ -3477,22 +3590,28 @@ module Aws::CognitoIdentityProvider
|
|
3477
3590
|
# @!attribute [rw] allowed_o_auth_flows
|
3478
3591
|
# The allowed OAuth flows.
|
3479
3592
|
#
|
3480
|
-
#
|
3481
|
-
#
|
3482
|
-
#
|
3593
|
+
# code
|
3594
|
+
#
|
3595
|
+
# : Use a code grant flow, which provides an authorization code as the
|
3596
|
+
# response. This code can be exchanged for access tokens with the
|
3597
|
+
# `/oauth2/token` endpoint.
|
3483
3598
|
#
|
3484
|
-
#
|
3485
|
-
# token (and, optionally, ID token, based on scopes) directly.
|
3599
|
+
# implicit
|
3486
3600
|
#
|
3487
|
-
#
|
3488
|
-
#
|
3489
|
-
#
|
3601
|
+
# : Issue the access token (and, optionally, ID token, based on
|
3602
|
+
# scopes) directly to your user.
|
3603
|
+
#
|
3604
|
+
# client\_credentials
|
3605
|
+
#
|
3606
|
+
# : Issue the access token from the `/oauth2/token` endpoint directly
|
3607
|
+
# to a non-person user using a combination of the client ID and
|
3608
|
+
# client secret.
|
3490
3609
|
# @return [Array<String>]
|
3491
3610
|
#
|
3492
3611
|
# @!attribute [rw] allowed_o_auth_scopes
|
3493
|
-
# The allowed OAuth scopes. Possible values provided by OAuth are
|
3612
|
+
# The allowed OAuth scopes. Possible values provided by OAuth are
|
3494
3613
|
# `phone`, `email`, `openid`, and `profile`. Possible values provided
|
3495
|
-
# by Amazon Web Services are
|
3614
|
+
# by Amazon Web Services are `aws.cognito.signin.user.admin`. Custom
|
3496
3615
|
# scopes created in Resource Servers are also supported.
|
3497
3616
|
# @return [Array<String>]
|
3498
3617
|
#
|
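Review bot: The `allowed_o_auth_scopes` text at new lines 3613-3614 names `aws.cognito.signin.user.admin` without saying what the scope authorizes, and "Possible values ... are" is followed by a single value. As far as I know, this scope lets an access token call the user pool operations that take an `access_token` parameter, several of which are documented further down this file. One clause would let readers grant it deliberately rather than by default. Suggested wording for the line: `# by Amazon Web Services is aws.cognito.signin.user.admin, which authorizes user pool API operations that take an access token. Custom`, with the exact semantics to be confirmed against the service documentation.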
@@ -3545,6 +3664,20 @@ module Aws::CognitoIdentityProvider
|
|
3545
3664
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
3546
3665
|
# @return [Boolean]
|
3547
3666
|
#
|
3667
|
+
# @!attribute [rw] enable_propagate_additional_user_context_data
|
3668
|
+
# Activates the propagation of additional user context data. For more
|
3669
|
+
# information about propagation of user context data, see [ Adding
|
3670
|
+
# advanced security to a user pool][1]. If you don’t include this
|
3671
|
+
# parameter, you can't send device fingerprint information, including
|
3672
|
+
# source IP address, to Amazon Cognito advanced security. You can only
|
3673
|
+
# activate `EnablePropagateAdditionalUserContextData` in an app client
|
3674
|
+
# that has a client secret.
|
3675
|
+
#
|
3676
|
+
#
|
3677
|
+
#
|
3678
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
3679
|
+
# @return [Boolean]
|
3680
|
+
#
|
3548
3681
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClientRequest AWS API Documentation
|
3549
3682
|
#
|
3550
3683
|
class CreateUserPoolClientRequest < Struct.new(
|
@@ -3567,7 +3700,8 @@ module Aws::CognitoIdentityProvider
|
|
3567
3700
|
:allowed_o_auth_flows_user_pool_client,
|
3568
3701
|
:analytics_configuration,
|
3569
3702
|
:prevent_user_existence_errors,
|
3570
|
-
:enable_token_revocation
|
3703
|
+
:enable_token_revocation,
|
3704
|
+
:enable_propagate_additional_user_context_data)
|
3571
3705
|
SENSITIVE = []
|
3572
3706
|
include Aws::Structure
|
3573
3707
|
end
|
@@ -3700,6 +3834,9 @@ module Aws::CognitoIdentityProvider
|
|
3700
3834
|
# },
|
3701
3835
|
# sms_authentication_message: "SmsVerificationMessageType",
|
3702
3836
|
# mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
|
3837
|
+
# user_attribute_update_settings: {
|
3838
|
+
# attributes_require_verification_before_update: ["phone_number"], # accepts phone_number, email
|
3839
|
+
# },
|
3703
3840
|
# device_configuration: {
|
3704
3841
|
# challenge_required_on_new_device: false,
|
3705
3842
|
# device_only_remembered_on_user_prompt: false,
|
@@ -3813,8 +3950,8 @@ module Aws::CognitoIdentityProvider
|
|
3813
3950
|
#
|
3814
3951
|
# @!attribute [rw] email_verification_message
|
3815
3952
|
# A string representing the email verification message.
|
3816
|
-
# EmailVerificationMessage is allowed only if
|
3817
|
-
# is DEVELOPER.
|
3953
|
+
# `EmailVerificationMessage` is allowed only if
|
3954
|
+
# [EmailSendingAccount][1] is DEVELOPER.
|
3818
3955
|
#
|
3819
3956
|
#
|
3820
3957
|
#
|
@@ -3823,8 +3960,8 @@ module Aws::CognitoIdentityProvider
|
|
3823
3960
|
#
|
3824
3961
|
# @!attribute [rw] email_verification_subject
|
3825
3962
|
# A string representing the email verification subject.
|
3826
|
-
# EmailVerificationSubject is allowed only if
|
3827
|
-
# is DEVELOPER.
|
3963
|
+
# `EmailVerificationSubject` is allowed only if
|
3964
|
+
# [EmailSendingAccount][1] is DEVELOPER.
|
3828
3965
|
#
|
3829
3966
|
#
|
3830
3967
|
#
|
@@ -3844,8 +3981,28 @@ module Aws::CognitoIdentityProvider
|
|
3844
3981
|
# Specifies MFA configuration details.
|
3845
3982
|
# @return [String]
|
3846
3983
|
#
|
3984
|
+
# @!attribute [rw] user_attribute_update_settings
|
3985
|
+
# The settings for updates to user attributes. These settings include
|
3986
|
+
# the property `AttributesRequireVerificationBeforeUpdate`, a
|
3987
|
+
# user-pool setting that tells Amazon Cognito how to handle changes to
|
3988
|
+
# the value of your users' email address and phone number attributes.
|
3989
|
+
# For more information, see [ Verifying updates to email addresses and
|
3990
|
+
# phone numbers][1].
|
3991
|
+
#
|
3992
|
+
#
|
3993
|
+
#
|
3994
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
|
3995
|
+
# @return [Types::UserAttributeUpdateSettingsType]
|
3996
|
+
#
|
3847
3997
|
# @!attribute [rw] device_configuration
|
3848
|
-
# The device configuration.
|
3998
|
+
# The device-remembering configuration for a user pool. A null value
|
3999
|
+
# indicates that you have deactivated device remembering in your user
|
4000
|
+
# pool.
|
4001
|
+
#
|
4002
|
+
# <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
|
4003
|
+
# activate the Amazon Cognito device-remembering feature.
|
4004
|
+
#
|
4005
|
+
# </note>
|
3849
4006
|
# @return [Types::DeviceConfigurationType]
|
3850
4007
|
#
|
3851
4008
|
# @!attribute [rw] email_configuration
|
@@ -3921,6 +4078,7 @@ module Aws::CognitoIdentityProvider
|
|
3921
4078
|
:verification_message_template,
|
3922
4079
|
:sms_authentication_message,
|
3923
4080
|
:mfa_configuration,
|
4081
|
+
:user_attribute_update_settings,
|
3924
4082
|
:device_configuration,
|
3925
4083
|
:email_configuration,
|
3926
4084
|
:sms_configuration,
|
@@ -4071,7 +4229,7 @@ module Aws::CognitoIdentityProvider
|
|
4071
4229
|
# @return [String]
|
4072
4230
|
#
|
4073
4231
|
# @!attribute [rw] provider_name
|
4074
|
-
# The
|
4232
|
+
# The IdP name.
|
4075
4233
|
# @return [String]
|
4076
4234
|
#
|
4077
4235
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteIdentityProviderRequest AWS API Documentation
|
@@ -4127,7 +4285,8 @@ module Aws::CognitoIdentityProvider
|
|
4127
4285
|
# @return [Array<String>]
|
4128
4286
|
#
|
4129
4287
|
# @!attribute [rw] access_token
|
4130
|
-
#
|
4288
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
4289
|
+
# attributes you want to delete.
|
4131
4290
|
# @return [String]
|
4132
4291
|
#
|
4133
4292
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserAttributesRequest AWS API Documentation
|
@@ -4235,7 +4394,8 @@ module Aws::CognitoIdentityProvider
|
|
4235
4394
|
# }
|
4236
4395
|
#
|
4237
4396
|
# @!attribute [rw] access_token
|
4238
|
-
#
|
4397
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
4398
|
+
# user profile you want to delete.
|
4239
4399
|
# @return [String]
|
4240
4400
|
#
|
4241
4401
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeleteUserRequest AWS API Documentation
|
@@ -4259,7 +4419,7 @@ module Aws::CognitoIdentityProvider
|
|
4259
4419
|
# @return [String]
|
4260
4420
|
#
|
4261
4421
|
# @!attribute [rw] provider_name
|
4262
|
-
# The
|
4422
|
+
# The IdP name.
|
4263
4423
|
# @return [String]
|
4264
4424
|
#
|
4265
4425
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeIdentityProviderRequest AWS API Documentation
|
@@ -4272,7 +4432,7 @@ module Aws::CognitoIdentityProvider
|
|
4272
4432
|
end
|
4273
4433
|
|
4274
4434
|
# @!attribute [rw] identity_provider
|
4275
|
-
# The
|
4435
|
+
# The IdP that was deleted.
|
4276
4436
|
# @return [Types::IdentityProviderType]
|
4277
4437
|
#
|
4278
4438
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeIdentityProviderResponse AWS API Documentation
|
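Review bot: The description at new line 4435 says "The IdP that was deleted", but the `@see` line below it identifies this struct as `DescribeIdentityProviderResponse`, so the wording looks carried over from a delete operation. A describe call returns the provider rather than removing it, and the current text could lead a reader to treat the call as destructive. I would change the line to `# The identity provider details.` The struct definition continues outside the hunk.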
@@ -4512,11 +4672,12 @@ module Aws::CognitoIdentityProvider
|
|
4512
4672
|
include Aws::Structure
|
4513
4673
|
end
|
4514
4674
|
|
4515
|
-
# The device
|
4516
|
-
#
|
4675
|
+
# The device-remembering configuration for a user pool. A null value
|
4676
|
+
# indicates that you have deactivated device remembering in your user
|
4677
|
+
# pool.
|
4517
4678
|
#
|
4518
|
-
# <note markdown="1"> When you provide
|
4519
|
-
# activate device
|
4679
|
+
# <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
|
4680
|
+
# activate the Amazon Cognito device-remembering feature.
|
4520
4681
|
#
|
4521
4682
|
# </note>
|
4522
4683
|
#
|
@@ -4533,17 +4694,23 @@ module Aws::CognitoIdentityProvider
|
|
4533
4694
|
# one-time password (TOTP) factors for multi-factor authentication
|
4534
4695
|
# (MFA).
|
4535
4696
|
#
|
4536
|
-
# <note markdown="1">
|
4537
|
-
#
|
4538
|
-
#
|
4539
|
-
# requires MFA.
|
4697
|
+
# <note markdown="1"> Regardless of the value of this field, users that sign in with new
|
4698
|
+
# devices that have not been confirmed or remembered must provide a
|
4699
|
+
# second factor if your user pool requires MFA.
|
4540
4700
|
#
|
4541
4701
|
# </note>
|
4542
4702
|
# @return [Boolean]
|
4543
4703
|
#
|
4544
4704
|
# @!attribute [rw] device_only_remembered_on_user_prompt
|
4545
|
-
# When true,
|
4546
|
-
#
|
4705
|
+
# When true, Amazon Cognito doesn't remember newly-confirmed devices.
|
4706
|
+
# Users who want to authenticate with their device can instead opt in
|
4707
|
+
# to remembering their device. To collect a choice from your user,
|
4708
|
+
# create an input prompt in your app and return the value that the
|
4709
|
+
# user chooses in an [UpdateDeviceStatus][1] API request.
|
4710
|
+
#
|
4711
|
+
#
|
4712
|
+
#
|
4713
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html
|
4547
4714
|
# @return [Boolean]
|
4548
4715
|
#
|
4549
4716
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceConfigurationType AWS API Documentation
|
@@ -4570,7 +4737,11 @@ module Aws::CognitoIdentityProvider
|
|
4570
4737
|
# @return [String]
|
4571
4738
|
#
|
4572
4739
|
# @!attribute [rw] salt
|
4573
|
-
# The salt
|
4740
|
+
# The [salt][1]
|
4741
|
+
#
|
4742
|
+
#
|
4743
|
+
#
|
4744
|
+
# [1]: https://en.wikipedia.org/wiki/Salt_(cryptography)
|
4574
4745
|
# @return [String]
|
4575
4746
|
#
|
4576
4747
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DeviceSecretVerifierConfigType AWS API Documentation
|
@@ -4762,29 +4933,6 @@ module Aws::CognitoIdentityProvider
|
|
4762
4933
|
# of an Amazon SES verified email address for the `SourceArn`
|
4763
4934
|
# parameter.
|
4764
4935
|
#
|
4765
|
-
# If EmailSendingAccount is COGNITO\_DEFAULT, you can't use the
|
4766
|
-
# following parameters:
|
4767
|
-
#
|
4768
|
-
# * EmailVerificationMessage
|
4769
|
-
#
|
4770
|
-
# * EmailVerificationSubject
|
4771
|
-
#
|
4772
|
-
# * InviteMessageTemplate.EmailMessage
|
4773
|
-
#
|
4774
|
-
# * InviteMessageTemplate.EmailSubject
|
4775
|
-
#
|
4776
|
-
# * VerificationMessageTemplate.EmailMessage
|
4777
|
-
#
|
4778
|
-
# * VerificationMessageTemplate.EmailMessageByLink
|
4779
|
-
#
|
4780
|
-
# * VerificationMessageTemplate.EmailSubject,
|
4781
|
-
#
|
4782
|
-
# * VerificationMessageTemplate.EmailSubjectByLink
|
4783
|
-
#
|
4784
|
-
# <note markdown="1"> DEVELOPER EmailSendingAccount is required.
|
4785
|
-
#
|
4786
|
-
# </note>
|
4787
|
-
#
|
4788
4936
|
# DEVELOPER
|
4789
4937
|
#
|
4790
4938
|
# : When Amazon Cognito emails your users, it uses your Amazon SES
|
@@ -4794,8 +4942,8 @@ module Aws::CognitoIdentityProvider
|
|
4794
4942
|
# to your Amazon SES verified email address in your Amazon Web
|
4795
4943
|
# Services account.
|
4796
4944
|
#
|
4797
|
-
# If you use this option,
|
4798
|
-
#
|
4945
|
+
# If you use this option, provide the ARN of an Amazon SES verified
|
4946
|
+
# email address for the `SourceArn` parameter.
|
4799
4947
|
#
|
4800
4948
|
# Before Amazon Cognito can email your users, it requires additional
|
4801
4949
|
# permissions to call Amazon SES on your behalf. When you update
|
@@ -4875,7 +5023,7 @@ module Aws::CognitoIdentityProvider
|
|
4875
5023
|
# request.
|
4876
5024
|
#
|
4877
5025
|
# @!attribute [rw] ip_address
|
4878
|
-
# The user's
|
5026
|
+
# The source IP address of your user's device.
|
4879
5027
|
# @return [String]
|
4880
5028
|
#
|
4881
5029
|
# @!attribute [rw] device_name
|
@@ -4969,6 +5117,22 @@ module Aws::CognitoIdentityProvider
|
|
4969
5117
|
include Aws::Structure
|
4970
5118
|
end
|
4971
5119
|
|
5120
|
+
# This exception is thrown when WAF doesn't allow your request based on
|
5121
|
+
# a web ACL that's associated with your user pool.
|
5122
|
+
#
|
5123
|
+
# @!attribute [rw] message
|
5124
|
+
# The message returned when WAF doesn't allow your request based on a
|
5125
|
+
# web ACL that's associated with your user pool.
|
5126
|
+
# @return [String]
|
5127
|
+
#
|
5128
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ForbiddenException AWS API Documentation
|
5129
|
+
#
|
5130
|
+
class ForbiddenException < Struct.new(
|
5131
|
+
:message)
|
5132
|
+
SENSITIVE = []
|
5133
|
+
include Aws::Structure
|
5134
|
+
end
|
5135
|
+
|
4972
5136
|
# Represents the request to forget the device.
|
4973
5137
|
#
|
4974
5138
|
# @note When making an API call, you may pass ForgetDeviceRequest
|
@@ -4980,7 +5144,8 @@ module Aws::CognitoIdentityProvider
|
|
4980
5144
|
# }
|
4981
5145
|
#
|
4982
5146
|
# @!attribute [rw] access_token
|
4983
|
-
#
|
5147
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
5148
|
+
# registered device you want to forget.
|
4984
5149
|
# @return [String]
|
4985
5150
|
#
|
4986
5151
|
# @!attribute [rw] device_key
|
@@ -5005,6 +5170,7 @@ module Aws::CognitoIdentityProvider
|
|
5005
5170
|
# client_id: "ClientIdType", # required
|
5006
5171
|
# secret_hash: "SecretHashType",
|
5007
5172
|
# user_context_data: {
|
5173
|
+
# ip_address: "StringType",
|
5008
5174
|
# encoded_data: "StringType",
|
5009
5175
|
# },
|
5010
5176
|
# username: "UsernameType", # required
|
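Review bot: The new `ip_address: "StringType",` entry in the `user_context_data` example (new line 5173, and the same addition at new line 5982) gives no hint of the precondition stated elsewhere in this diff. According to the `enable_propagate_additional_user_context_data` text, source IP can only be sent to advanced security when that flag is set, and the flag can only be activated on an app client that has a client secret. A trailing comment in the example would point readers at that dependency, for instance `#           ip_address: "StringType", # requires EnablePropagateAdditionalUserContextData on the app client`. Whether the service ignores or rejects the field when the flag is off is not visible here. The example block starts above the hunk.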
@@ -5027,9 +5193,11 @@ module Aws::CognitoIdentityProvider
|
|
5027
5193
|
# @return [String]
|
5028
5194
|
#
|
5029
5195
|
# @!attribute [rw] user_context_data
|
5030
|
-
# Contextual data such as the
|
5031
|
-
#
|
5032
|
-
#
|
5196
|
+
# Contextual data about your user session, such as the device
|
5197
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
5198
|
+
# security evaluates the risk of an authentication event based on the
|
5199
|
+
# context that your app generates and passes to Amazon Cognito when it
|
5200
|
+
# makes API requests.
|
5033
5201
|
# @return [Types::UserContextDataType]
|
5034
5202
|
#
|
5035
5203
|
# @!attribute [rw] username
|
@@ -5038,8 +5206,8 @@ module Aws::CognitoIdentityProvider
|
|
5038
5206
|
# @return [String]
|
5039
5207
|
#
|
5040
5208
|
# @!attribute [rw] analytics_metadata
|
5041
|
-
# The Amazon Pinpoint analytics metadata
|
5042
|
-
# `ForgotPassword` calls.
|
5209
|
+
# The Amazon Pinpoint analytics metadata that contributes to your
|
5210
|
+
# metrics for `ForgotPassword` calls.
|
5043
5211
|
# @return [Types::AnalyticsMetadataType]
|
5044
5212
|
#
|
5045
5213
|
# @!attribute [rw] client_metadata
|
@@ -5094,8 +5262,7 @@ module Aws::CognitoIdentityProvider
|
|
5094
5262
|
include Aws::Structure
|
5095
5263
|
end
|
5096
5264
|
|
5097
|
-
#
|
5098
|
-
# reset a password.
|
5265
|
+
# The response from Amazon Cognito to a request to reset a password.
|
5099
5266
|
#
|
5100
5267
|
# @!attribute [rw] code_delivery_details
|
5101
5268
|
# The code delivery details returned by the server in response to the
|
@@ -5169,7 +5336,8 @@ module Aws::CognitoIdentityProvider
|
|
5169
5336
|
# @return [String]
|
5170
5337
|
#
|
5171
5338
|
# @!attribute [rw] access_token
|
5172
|
-
#
|
5339
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
5340
|
+
# device information you want to request.
|
5173
5341
|
# @return [String]
|
5174
5342
|
#
|
5175
5343
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetDeviceRequest AWS API Documentation
|
@@ -5245,7 +5413,7 @@ module Aws::CognitoIdentityProvider
|
|
5245
5413
|
# @return [String]
|
5246
5414
|
#
|
5247
5415
|
# @!attribute [rw] idp_identifier
|
5248
|
-
# The
|
5416
|
+
# The IdP identifier.
|
5249
5417
|
# @return [String]
|
5250
5418
|
#
|
5251
5419
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetIdentityProviderByIdentifierRequest AWS API Documentation
|
@@ -5258,7 +5426,7 @@ module Aws::CognitoIdentityProvider
|
|
5258
5426
|
end
|
5259
5427
|
|
5260
5428
|
# @!attribute [rw] identity_provider
|
5261
|
-
# The
|
5429
|
+
# The IdP object.
|
5262
5430
|
# @return [Types::IdentityProviderType]
|
5263
5431
|
#
|
5264
5432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetIdentityProviderByIdentifierResponse AWS API Documentation
|
@@ -5355,8 +5523,8 @@ module Aws::CognitoIdentityProvider
|
|
5355
5523
|
# }
|
5356
5524
|
#
|
5357
5525
|
# @!attribute [rw] access_token
|
5358
|
-
#
|
5359
|
-
#
|
5526
|
+
# A non-expired access token for the user whose attribute verification
|
5527
|
+
# code you want to generate.
|
5360
5528
|
# @return [String]
|
5361
5529
|
#
|
5362
5530
|
# @!attribute [rw] attribute_name
|
@@ -5448,15 +5616,17 @@ module Aws::CognitoIdentityProvider
|
|
5448
5616
|
end
|
5449
5617
|
|
5450
5618
|
# @!attribute [rw] sms_mfa_configuration
|
5451
|
-
# The SMS text message multi-factor (MFA)
|
5619
|
+
# The SMS text message multi-factor authentication (MFA)
|
5620
|
+
# configuration.
|
5452
5621
|
# @return [Types::SmsMfaConfigType]
|
5453
5622
|
#
|
5454
5623
|
# @!attribute [rw] software_token_mfa_configuration
|
5455
|
-
# The software token multi-factor (MFA) configuration.
|
5624
|
+
# The software token multi-factor authentication (MFA) configuration.
|
5456
5625
|
# @return [Types::SoftwareTokenMfaConfigType]
|
5457
5626
|
#
|
5458
5627
|
# @!attribute [rw] mfa_configuration
|
5459
|
-
# The multi-factor (MFA) configuration. Valid values
|
5628
|
+
# The multi-factor authentication (MFA) configuration. Valid values
|
5629
|
+
# include:
|
5460
5630
|
#
|
5461
5631
|
# * `OFF` MFA won't be used for any users.
|
5462
5632
|
#
|
@@ -5486,8 +5656,8 @@ module Aws::CognitoIdentityProvider
|
|
5486
5656
|
# }
|
5487
5657
|
#
|
5488
5658
|
# @!attribute [rw] access_token
|
5489
|
-
#
|
5490
|
-
#
|
5659
|
+
# A non-expired access token for the user whose information you want
|
5660
|
+
# to query.
|
5491
5661
|
# @return [String]
|
5492
5662
|
#
|
5493
5663
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserRequest AWS API Documentation
|
@@ -5552,7 +5722,8 @@ module Aws::CognitoIdentityProvider
|
|
5552
5722
|
# }
|
5553
5723
|
#
|
5554
5724
|
# @!attribute [rw] access_token
|
5555
|
-
#
|
5725
|
+
# A valid access token that Amazon Cognito issued to the user who you
|
5726
|
+
# want to sign out.
|
5556
5727
|
# @return [String]
|
5557
5728
|
#
|
5558
5729
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GlobalSignOutRequest AWS API Documentation
|
@@ -5670,23 +5841,23 @@ module Aws::CognitoIdentityProvider
|
|
5670
5841
|
include Aws::Structure
|
5671
5842
|
end
|
5672
5843
|
|
5673
|
-
# A container for information about an
|
5844
|
+
# A container for information about an IdP.
|
5674
5845
|
#
|
5675
5846
|
# @!attribute [rw] user_pool_id
|
5676
5847
|
# The user pool ID.
|
5677
5848
|
# @return [String]
|
5678
5849
|
#
|
5679
5850
|
# @!attribute [rw] provider_name
|
5680
|
-
# The
|
5851
|
+
# The IdP name.
|
5681
5852
|
# @return [String]
|
5682
5853
|
#
|
5683
5854
|
# @!attribute [rw] provider_type
|
5684
|
-
# The
|
5855
|
+
# The IdP type.
|
5685
5856
|
# @return [String]
|
5686
5857
|
#
|
5687
5858
|
# @!attribute [rw] provider_details
|
5688
|
-
# The
|
5689
|
-
#
|
5859
|
+
# The IdP details. The following list describes the provider detail
|
5860
|
+
# keys for each IdP type.
|
5690
5861
|
#
|
5691
5862
|
# * For Google and Login with Amazon:
|
5692
5863
|
#
|
@@ -5716,6 +5887,9 @@ module Aws::CognitoIdentityProvider
|
|
5716
5887
|
#
|
5717
5888
|
# * private\_key
|
5718
5889
|
#
|
5890
|
+
# *You can submit a private\_key when you add or update an IdP.
|
5891
|
+
# Describe operations don't return the private key.*
|
5892
|
+
#
|
5719
5893
|
# * authorize\_scopes
|
5720
5894
|
#
|
5721
5895
|
# * For OIDC providers:
|
@@ -5730,43 +5904,46 @@ module Aws::CognitoIdentityProvider
|
|
5730
5904
|
#
|
5731
5905
|
# * authorize\_scopes
|
5732
5906
|
#
|
5733
|
-
# *
|
5734
|
-
#
|
5907
|
+
# * The following keys are only present if Amazon Cognito didn't
|
5908
|
+
# discover them at the `oidc_issuer` URL.
|
5909
|
+
#
|
5910
|
+
# * authorize\_url
|
5735
5911
|
#
|
5736
|
-
#
|
5737
|
-
# oidc\_issuer key*
|
5912
|
+
# * token\_url
|
5738
5913
|
#
|
5739
|
-
#
|
5740
|
-
# by oidc\_issuer key*
|
5914
|
+
# * attributes\_url
|
5741
5915
|
#
|
5742
|
-
#
|
5743
|
-
# oidc\_issuer key*
|
5916
|
+
# * jwks\_uri
|
5744
5917
|
#
|
5745
|
-
# *
|
5746
|
-
#
|
5918
|
+
# * Amazon Cognito sets the value of the following keys
|
5919
|
+
# automatically. They are read-only.
|
5920
|
+
#
|
5921
|
+
# * attributes\_url\_add\_attributes
|
5922
|
+
#
|
5923
|
+
# ^
|
5747
5924
|
#
|
5748
5925
|
# * For SAML providers:
|
5749
5926
|
#
|
5750
5927
|
# * MetadataFile or MetadataURL
|
5751
5928
|
#
|
5752
|
-
# *
|
5929
|
+
# * IDPSignout *optional*
|
5753
5930
|
# @return [Hash<String,String>]
|
5754
5931
|
#
|
5755
5932
|
# @!attribute [rw] attribute_mapping
|
5756
|
-
# A mapping of
|
5757
|
-
#
|
5933
|
+
# A mapping of IdP attributes to standard and custom user pool
|
5934
|
+
# attributes.
|
5758
5935
|
# @return [Hash<String,String>]
|
5759
5936
|
#
|
5760
5937
|
# @!attribute [rw] idp_identifiers
|
5761
|
-
# A list of
|
5938
|
+
# A list of IdP identifiers.
|
5762
5939
|
# @return [Array<String>]
|
5763
5940
|
#
|
5764
5941
|
# @!attribute [rw] last_modified_date
|
5765
|
-
# The date the
|
5942
|
+
# The date the IdP was last modified.
|
5766
5943
|
# @return [Time]
|
5767
5944
|
#
|
5768
5945
|
# @!attribute [rw] creation_date
|
5769
|
-
# The date the
|
5946
|
+
# The date the IdP was created.
|
5770
5947
|
# @return [Time]
|
5771
5948
|
#
|
5772
5949
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/IdentityProviderType AWS API Documentation
|
@@ -5802,6 +5979,7 @@ module Aws::CognitoIdentityProvider
|
|
5802
5979
|
# analytics_endpoint_id: "StringType",
|
5803
5980
|
# },
|
5804
5981
|
# user_context_data: {
|
5982
|
+
# ip_address: "StringType",
|
5805
5983
|
# encoded_data: "StringType",
|
5806
5984
|
# },
|
5807
5985
|
# }
|
@@ -5830,10 +6008,10 @@ module Aws::CognitoIdentityProvider
|
|
5830
6008
|
#
|
5831
6009
|
# * `CUSTOM_AUTH`\: Custom authentication flow.
|
5832
6010
|
#
|
5833
|
-
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow;
|
5834
|
-
#
|
6011
|
+
# * `USER_PASSWORD_AUTH`\: Non-SRP authentication flow; user name and
|
6012
|
+
# password are passed directly. If a user migration Lambda trigger
|
5835
6013
|
# is set, this flow will invoke the user migration Lambda if it
|
5836
|
-
# doesn't find the
|
6014
|
+
# doesn't find the user name in the user pool.
|
5837
6015
|
#
|
5838
6016
|
# `ADMIN_NO_SRP_AUTH` isn't a valid value.
|
5839
6017
|
# @return [String]
|
@@ -5925,14 +6103,16 @@ module Aws::CognitoIdentityProvider
|
|
5925
6103
|
# @return [String]
|
5926
6104
|
#
|
5927
6105
|
# @!attribute [rw] analytics_metadata
|
5928
|
-
# The Amazon Pinpoint analytics metadata
|
5929
|
-
# `InitiateAuth` calls.
|
6106
|
+
# The Amazon Pinpoint analytics metadata that contributes to your
|
6107
|
+
# metrics for `InitiateAuth` calls.
|
5930
6108
|
# @return [Types::AnalyticsMetadataType]
|
5931
6109
|
#
|
5932
6110
|
# @!attribute [rw] user_context_data
|
5933
|
-
# Contextual data such as the
|
5934
|
-
#
|
5935
|
-
#
|
6111
|
+
# Contextual data about your user session, such as the device
|
6112
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
6113
|
+
# security evaluates the risk of an authentication event based on the
|
6114
|
+
# context that your app generates and passes to Amazon Cognito when it
|
6115
|
+
# makes API requests.
|
5936
6116
|
# @return [Types::UserContextDataType]
|
5937
6117
|
#
|
5938
6118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/InitiateAuthRequest AWS API Documentation
|
@@ -5981,9 +6161,23 @@ module Aws::CognitoIdentityProvider
|
|
5981
6161
|
# for devices only.
|
5982
6162
|
#
|
5983
6163
|
# * `NEW_PASSWORD_REQUIRED`\: For users who are required to change
|
5984
|
-
# their passwords after successful first login.
|
5985
|
-
#
|
5986
|
-
#
|
6164
|
+
# their passwords after successful first login.
|
6165
|
+
#
|
6166
|
+
# Respond to this challenge with `NEW_PASSWORD` and any required
|
6167
|
+
# attributes that Amazon Cognito returned in the
|
6168
|
+
# `requiredAttributes` parameter. You can also set values for
|
6169
|
+
# attributes that aren't required by your user pool and that your
|
6170
|
+
# app client can write. For more information, see
|
6171
|
+
# [RespondToAuthChallenge][1].
|
6172
|
+
#
|
6173
|
+
# <note markdown="1"> In a `NEW_PASSWORD_REQUIRED` challenge response, you can't modify
|
6174
|
+
# a required attribute that already has a value. In
|
6175
|
+
# `RespondToAuthChallenge`, set a value for any keys that Amazon
|
6176
|
+
# Cognito returned in the `requiredAttributes` parameter, then use
|
6177
|
+
# the `UpdateUserAttributes` API operation to modify the value of
|
6178
|
+
# any additional attributes.
|
6179
|
+
#
|
6180
|
+
# </note>
|
5987
6181
|
#
|
5988
6182
|
# * `MFA_SETUP`\: For users who are required to setup an MFA factor
|
5989
6183
|
# before they can sign in. The MFA types activated for the user pool
|
@@ -5996,6 +6190,10 @@ module Aws::CognitoIdentityProvider
|
|
5996
6190
|
# complete sign-in. To set up SMS MFA, an administrator should help
|
5997
6191
|
# the user to add a phone number to their account, and then the user
|
5998
6192
|
# should call `InitiateAuth` again to restart sign-in.
|
6193
|
+
#
|
6194
|
+
#
|
6195
|
+
#
|
6196
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html
|
5999
6197
|
# @return [String]
|
6000
6198
|
#
|
6001
6199
|
# @!attribute [rw] session
|
@@ -6071,7 +6269,7 @@ module Aws::CognitoIdentityProvider
|
|
6071
6269
|
# Lambda response.
|
6072
6270
|
#
|
6073
6271
|
# @!attribute [rw] message
|
6074
|
-
# The message returned when Amazon Cognito
|
6272
|
+
# The message returned when Amazon Cognito throws an invalid Lambda
|
6075
6273
|
# response exception.
|
6076
6274
|
# @return [String]
|
6077
6275
|
#
|
@@ -6308,7 +6506,8 @@ module Aws::CognitoIdentityProvider
|
|
6308
6506
|
# }
|
6309
6507
|
#
|
6310
6508
|
# @!attribute [rw] access_token
|
6311
|
-
#
|
6509
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
6510
|
+
# list of devices you want to view.
|
6312
6511
|
# @return [String]
|
6313
6512
|
#
|
6314
6513
|
# @!attribute [rw] limit
|
@@ -6414,7 +6613,7 @@ module Aws::CognitoIdentityProvider
|
|
6414
6613
|
# @return [String]
|
6415
6614
|
#
|
6416
6615
|
# @!attribute [rw] max_results
|
6417
|
-
# The maximum number of
|
6616
|
+
# The maximum number of IdPs to return.
|
6418
6617
|
# @return [Integer]
|
6419
6618
|
#
|
6420
6619
|
# @!attribute [rw] next_token
|
@@ -6432,7 +6631,7 @@ module Aws::CognitoIdentityProvider
|
|
6432
6631
|
end
|
6433
6632
|
|
6434
6633
|
# @!attribute [rw] providers
|
6435
|
-
# A list of
|
6634
|
+
# A list of IdP objects.
|
6436
6635
|
# @return [Array<Types::ProviderDescription>]
|
6437
6636
|
#
|
6438
6637
|
# @!attribute [rw] next_token
|
@@ -6738,9 +6937,8 @@ module Aws::CognitoIdentityProvider
|
|
6738
6937
|
# @return [Array<Types::UserType>]
|
6739
6938
|
#
|
6740
6939
|
# @!attribute [rw] next_token
|
6741
|
-
# An identifier that
|
6742
|
-
#
|
6743
|
-
# list.
|
6940
|
+
# An identifier that you can use in a later request to return the next
|
6941
|
+
# set of items in the list.
|
6744
6942
|
# @return [String]
|
6745
6943
|
#
|
6746
6944
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUsersInGroupResponse AWS API Documentation
|
@@ -6831,8 +7029,8 @@ module Aws::CognitoIdentityProvider
|
|
6831
7029
|
# Custom attributes aren't searchable.
|
6832
7030
|
#
|
6833
7031
|
# <note markdown="1"> You can also list users with a client-side filter. The server-side
|
6834
|
-
# filter matches no more than
|
6835
|
-
# a client-side filter with the `--query` parameter of the
|
7032
|
+
# filter matches no more than one attribute. For an advanced search,
|
7033
|
+
# use a client-side filter with the `--query` parameter of the
|
6836
7034
|
# `list-users` action in the CLI. When you use a client-side filter,
|
6837
7035
|
# ListUsers returns a paginated list of zero or more users. You can
|
6838
7036
|
# receive multiple pages in a row with zero results. Repeat the query
|
@@ -7190,8 +7388,8 @@ module Aws::CognitoIdentityProvider
|
|
7190
7388
|
# administrator must reset their password.
|
7191
7389
|
#
|
7192
7390
|
# <note markdown="1"> When you set `TemporaryPasswordValidityDays` for a user pool, you
|
7193
|
-
# can no longer set the
|
7194
|
-
#
|
7391
|
+
# can no longer set a value for the legacy `UnusedAccountValidityDays`
|
7392
|
+
# parameter in that user pool.
|
7195
7393
|
#
|
7196
7394
|
# </note>
|
7197
7395
|
# @return [Integer]
|
@@ -7237,14 +7435,14 @@ module Aws::CognitoIdentityProvider
|
|
7237
7435
|
include Aws::Structure
|
7238
7436
|
end
|
7239
7437
|
|
7240
|
-
# A container for
|
7438
|
+
# A container for IdP details.
|
7241
7439
|
#
|
7242
7440
|
# @!attribute [rw] provider_name
|
7243
|
-
# The
|
7441
|
+
# The IdP name.
|
7244
7442
|
# @return [String]
|
7245
7443
|
#
|
7246
7444
|
# @!attribute [rw] provider_type
|
7247
|
-
# The
|
7445
|
+
# The IdP type.
|
7248
7446
|
# @return [String]
|
7249
7447
|
#
|
7250
7448
|
# @!attribute [rw] last_modified_date
|
@@ -7266,8 +7464,7 @@ module Aws::CognitoIdentityProvider
|
|
7266
7464
|
include Aws::Structure
|
7267
7465
|
end
|
7268
7466
|
|
7269
|
-
# A container for information about an
|
7270
|
-
# pool.
|
7467
|
+
# A container for information about an IdP for a user pool.
|
7271
7468
|
#
|
7272
7469
|
# @note When making an API call, you may pass ProviderUserIdentifierType
|
7273
7470
|
# data as a hash:
|
@@ -7340,6 +7537,7 @@ module Aws::CognitoIdentityProvider
|
|
7340
7537
|
# client_id: "ClientIdType", # required
|
7341
7538
|
# secret_hash: "SecretHashType",
|
7342
7539
|
# user_context_data: {
|
7540
|
+
# ip_address: "StringType",
|
7343
7541
|
# encoded_data: "StringType",
|
7344
7542
|
# },
|
7345
7543
|
# username: "UsernameType", # required
|
@@ -7362,9 +7560,11 @@ module Aws::CognitoIdentityProvider
|
|
7362
7560
|
# @return [String]
|
7363
7561
|
#
|
7364
7562
|
# @!attribute [rw] user_context_data
|
7365
|
-
# Contextual data such as the
|
7366
|
-
#
|
7367
|
-
#
|
7563
|
+
# Contextual data about your user session, such as the device
|
7564
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
7565
|
+
# security evaluates the risk of an authentication event based on the
|
7566
|
+
# context that your app generates and passes to Amazon Cognito when it
|
7567
|
+
# makes API requests.
|
7368
7568
|
# @return [Types::UserContextDataType]
|
7369
7569
|
#
|
7370
7570
|
# @!attribute [rw] username
|
@@ -7373,8 +7573,8 @@ module Aws::CognitoIdentityProvider
|
|
7373
7573
|
# @return [String]
|
7374
7574
|
#
|
7375
7575
|
# @!attribute [rw] analytics_metadata
|
7376
|
-
# The Amazon Pinpoint analytics metadata
|
7377
|
-
# `ResendConfirmationCode` calls.
|
7576
|
+
# The Amazon Pinpoint analytics metadata that contributes to your
|
7577
|
+
# metrics for `ResendConfirmationCode` calls.
|
7378
7578
|
# @return [Types::AnalyticsMetadataType]
|
7379
7579
|
#
|
7380
7580
|
# @!attribute [rw] client_metadata
|
@@ -7532,6 +7732,7 @@ module Aws::CognitoIdentityProvider
|
|
7532
7732
|
# analytics_endpoint_id: "StringType",
|
7533
7733
|
# },
|
7534
7734
|
# user_context_data: {
|
7735
|
+
# ip_address: "StringType",
|
7535
7736
|
# encoded_data: "StringType",
|
7536
7737
|
# },
|
7537
7738
|
# client_metadata: {
|
@@ -7577,13 +7778,27 @@ module Aws::CognitoIdentityProvider
|
|
7577
7778
|
# * `PASSWORD_VERIFIER`\: `PASSWORD_CLAIM_SIGNATURE`,
|
7578
7779
|
# `PASSWORD_CLAIM_SECRET_BLOCK`, `TIMESTAMP`, `USERNAME`.
|
7579
7780
|
#
|
7580
|
-
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when
|
7781
|
+
# <note markdown="1"> `PASSWORD_VERIFIER` requires `DEVICE_KEY` when you sign in with a
|
7581
7782
|
# remembered device.
|
7582
7783
|
#
|
7583
7784
|
# </note>
|
7584
7785
|
#
|
7585
|
-
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`,
|
7586
|
-
#
|
7786
|
+
# * `NEW_PASSWORD_REQUIRED`\: `NEW_PASSWORD`, `USERNAME`,
|
7787
|
+
# `SECRET_HASH` (if app client is configured with client secret). To
|
7788
|
+
# set any required attributes that Amazon Cognito returned as
|
7789
|
+
# `requiredAttributes` in the `InitiateAuth` response, add a
|
7790
|
+
# `userAttributes.attributename ` parameter. This parameter can also
|
7791
|
+
# set values for writable attributes that aren't required by your
|
7792
|
+
# user pool.
|
7793
|
+
#
|
7794
|
+
# <note markdown="1"> In a `NEW_PASSWORD_REQUIRED` challenge response, you can't modify
|
7795
|
+
# a required attribute that already has a value. In
|
7796
|
+
# `RespondToAuthChallenge`, set a value for any keys that Amazon
|
7797
|
+
# Cognito returned in the `requiredAttributes` parameter, then use
|
7798
|
+
# the `UpdateUserAttributes` API operation to modify the value of
|
7799
|
+
# any additional attributes.
|
7800
|
+
#
|
7801
|
+
# </note>
|
7587
7802
|
#
|
7588
7803
|
# * `SOFTWARE_TOKEN_MFA`\: `USERNAME` and `SOFTWARE_TOKEN_MFA_CODE`
|
7589
7804
|
# are required attributes.
|
@@ -7600,14 +7815,16 @@ module Aws::CognitoIdentityProvider
|
|
7600
7815
|
# @return [Hash<String,String>]
|
7601
7816
|
#
|
7602
7817
|
# @!attribute [rw] analytics_metadata
|
7603
|
-
# The Amazon Pinpoint analytics metadata
|
7604
|
-
# `RespondToAuthChallenge` calls.
|
7818
|
+
# The Amazon Pinpoint analytics metadata that contributes to your
|
7819
|
+
# metrics for `RespondToAuthChallenge` calls.
|
7605
7820
|
# @return [Types::AnalyticsMetadataType]
|
7606
7821
|
#
|
7607
7822
|
# @!attribute [rw] user_context_data
|
7608
|
-
# Contextual data such as the
|
7609
|
-
#
|
7610
|
-
#
|
7823
|
+
# Contextual data about your user session, such as the device
|
7824
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
7825
|
+
# security evaluates the risk of an authentication event based on the
|
7826
|
+
# context that your app generates and passes to Amazon Cognito when it
|
7827
|
+
# makes API requests.
|
7611
7828
|
# @return [Types::UserContextDataType]
|
7612
7829
|
#
|
7613
7830
|
# @!attribute [rw] client_metadata
|
@@ -7903,13 +8120,13 @@ module Aws::CognitoIdentityProvider
|
|
7903
8120
|
# @!attribute [rw] mutable
|
7904
8121
|
# Specifies whether the value of the attribute can be changed.
|
7905
8122
|
#
|
7906
|
-
# For any user pool attribute that is mapped to an
|
7907
|
-
#
|
7908
|
-
#
|
7909
|
-
#
|
7910
|
-
#
|
7911
|
-
#
|
7912
|
-
#
|
8123
|
+
# For any user pool attribute that is mapped to an IdP attribute, you
|
8124
|
+
# must set this parameter to `true`. Amazon Cognito updates mapped
|
8125
|
+
# attributes when users sign in to your application through an IdP. If
|
8126
|
+
# an attribute is immutable, Amazon Cognito throws an error when it
|
8127
|
+
# attempts to update the attribute. For more information, see
|
8128
|
+
# [Specifying Identity Provider Attribute Mappings for Your User
|
8129
|
+
# Pool][1].
|
7913
8130
|
#
|
7914
8131
|
#
|
7915
8132
|
#
|
@@ -8131,11 +8348,12 @@ module Aws::CognitoIdentityProvider
|
|
8131
8348
|
# @return [Types::SMSMfaSettingsType]
|
8132
8349
|
#
|
8133
8350
|
# @!attribute [rw] software_token_mfa_settings
|
8134
|
-
# The time-based one-time password software token MFA settings.
|
8351
|
+
# The time-based one-time password (TOTP) software token MFA settings.
|
8135
8352
|
# @return [Types::SoftwareTokenMfaSettingsType]
|
8136
8353
|
#
|
8137
8354
|
# @!attribute [rw] access_token
|
8138
|
-
#
|
8355
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
8356
|
+
# MFA preference you want to set.
|
8139
8357
|
# @return [String]
|
8140
8358
|
#
|
8141
8359
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserMFAPreferenceRequest AWS API Documentation
|
@@ -8254,7 +8472,8 @@ module Aws::CognitoIdentityProvider
|
|
8254
8472
|
# }
|
8255
8473
|
#
|
8256
8474
|
# @!attribute [rw] access_token
|
8257
|
-
#
|
8475
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
8476
|
+
# user settings you want to configure.
|
8258
8477
|
# @return [String]
|
8259
8478
|
#
|
8260
8479
|
# @!attribute [rw] mfa_options
|
@@ -8303,6 +8522,7 @@ module Aws::CognitoIdentityProvider
|
|
8303
8522
|
# analytics_endpoint_id: "StringType",
|
8304
8523
|
# },
|
8305
8524
|
# user_context_data: {
|
8525
|
+
# ip_address: "StringType",
|
8306
8526
|
# encoded_data: "StringType",
|
8307
8527
|
# },
|
8308
8528
|
# client_metadata: {
|
@@ -8340,14 +8560,16 @@ module Aws::CognitoIdentityProvider
|
|
8340
8560
|
# @return [Array<Types::AttributeType>]
|
8341
8561
|
#
|
8342
8562
|
# @!attribute [rw] analytics_metadata
|
8343
|
-
# The Amazon Pinpoint analytics metadata
|
8344
|
-
# `SignUp` calls.
|
8563
|
+
# The Amazon Pinpoint analytics metadata that contributes to your
|
8564
|
+
# metrics for `SignUp` calls.
|
8345
8565
|
# @return [Types::AnalyticsMetadataType]
|
8346
8566
|
#
|
8347
8567
|
# @!attribute [rw] user_context_data
|
8348
|
-
# Contextual data such as the
|
8349
|
-
#
|
8350
|
-
#
|
8568
|
+
# Contextual data about your user session, such as the device
|
8569
|
+
# fingerprint, IP address, or location. Amazon Cognito advanced
|
8570
|
+
# security evaluates the risk of an authentication event based on the
|
8571
|
+
# context that your app generates and passes to Amazon Cognito when it
|
8572
|
+
# makes API requests.
|
8351
8573
|
# @return [Types::UserContextDataType]
|
8352
8574
|
#
|
8353
8575
|
# @!attribute [rw] client_metadata
|
@@ -8760,8 +8982,8 @@ module Aws::CognitoIdentityProvider
|
|
8760
8982
|
#
|
8761
8983
|
class TagResourceResponse < Aws::EmptyStructure; end
|
8762
8984
|
|
8763
|
-
# The data type
|
8764
|
-
#
|
8985
|
+
# The data type TokenValidityUnits specifies the time units you use when
|
8986
|
+
# you set the duration of ID, access, and refresh tokens.
|
8765
8987
|
#
|
8766
8988
|
# @note When making an API call, you may pass TokenValidityUnitsType
|
8767
8989
|
# data as a hash:
|
@@ -8773,18 +8995,21 @@ module Aws::CognitoIdentityProvider
|
|
8773
8995
|
# }
|
8774
8996
|
#
|
8775
8997
|
# @!attribute [rw] access_token
|
8776
|
-
# A time unit
|
8777
|
-
# value in AccessTokenValidity
|
8998
|
+
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
8999
|
+
# value that you set in the `AccessTokenValidity` parameter. The
|
9000
|
+
# default `AccessTokenValidity` time unit is hours.
|
8778
9001
|
# @return [String]
|
8779
9002
|
#
|
8780
9003
|
# @!attribute [rw] id_token
|
8781
|
-
# A time unit
|
8782
|
-
# value in IdTokenValidity
|
9004
|
+
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
9005
|
+
# value that you set in the `IdTokenValidity` parameter. The default
|
9006
|
+
# `IdTokenValidity` time unit is hours.
|
8783
9007
|
# @return [String]
|
8784
9008
|
#
|
8785
9009
|
# @!attribute [rw] refresh_token
|
8786
|
-
# A time unit
|
8787
|
-
# value in RefreshTokenValidity
|
9010
|
+
# A time unit of `seconds`, `minutes`, `hours`, or `days` for the
|
9011
|
+
# value that you set in the `RefreshTokenValidity` parameter. The
|
9012
|
+
# default `RefreshTokenValidity` time unit is days.
|
8788
9013
|
# @return [String]
|
8789
9014
|
#
|
8790
9015
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/TokenValidityUnitsType AWS API Documentation
|
@@ -9049,7 +9274,8 @@ module Aws::CognitoIdentityProvider
|
|
9049
9274
|
# }
|
9050
9275
|
#
|
9051
9276
|
# @!attribute [rw] access_token
|
9052
|
-
#
|
9277
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
9278
|
+
# device status you want to update.
|
9053
9279
|
# @return [String]
|
9054
9280
|
#
|
9055
9281
|
# @!attribute [rw] device_key
|
@@ -9158,20 +9384,20 @@ module Aws::CognitoIdentityProvider
|
|
9158
9384
|
# @return [String]
|
9159
9385
|
#
|
9160
9386
|
# @!attribute [rw] provider_name
|
9161
|
-
# The
|
9387
|
+
# The IdP name.
|
9162
9388
|
# @return [String]
|
9163
9389
|
#
|
9164
9390
|
# @!attribute [rw] provider_details
|
9165
|
-
# The
|
9166
|
-
#
|
9391
|
+
# The IdP details to be updated, such as `MetadataURL` and
|
9392
|
+
# `MetadataFile`.
|
9167
9393
|
# @return [Hash<String,String>]
|
9168
9394
|
#
|
9169
9395
|
# @!attribute [rw] attribute_mapping
|
9170
|
-
# The
|
9396
|
+
# The IdP attribute mapping to be changed.
|
9171
9397
|
# @return [Hash<String,String>]
|
9172
9398
|
#
|
9173
9399
|
# @!attribute [rw] idp_identifiers
|
9174
|
-
# A list of
|
9400
|
+
# A list of IdP identifiers.
|
9175
9401
|
# @return [Array<String>]
|
9176
9402
|
#
|
9177
9403
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateIdentityProviderRequest AWS API Documentation
|
@@ -9187,7 +9413,7 @@ module Aws::CognitoIdentityProvider
|
|
9187
9413
|
end
|
9188
9414
|
|
9189
9415
|
# @!attribute [rw] identity_provider
|
9190
|
-
# The
|
9416
|
+
# The IdP object.
|
9191
9417
|
# @return [Types::IdentityProviderType]
|
9192
9418
|
#
|
9193
9419
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateIdentityProviderResponse AWS API Documentation
|
@@ -9275,10 +9501,19 @@ module Aws::CognitoIdentityProvider
|
|
9275
9501
|
#
|
9276
9502
|
# For custom attributes, you must prepend the `custom:` prefix to the
|
9277
9503
|
# attribute name.
|
9504
|
+
#
|
9505
|
+
# If you have set an attribute to require verification before Amazon
|
9506
|
+
# Cognito updates its value, this request doesn’t immediately update
|
9507
|
+
# the value of that attribute. After your user receives and responds
|
9508
|
+
# to a verification message to verify the new value, Amazon Cognito
|
9509
|
+
# updates the attribute value. Your user can sign in and receive
|
9510
|
+
# messages with the original attribute value until they verify the new
|
9511
|
+
# value.
|
9278
9512
|
# @return [Array<Types::AttributeType>]
|
9279
9513
|
#
|
9280
9514
|
# @!attribute [rw] access_token
|
9281
|
-
#
|
9515
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
9516
|
+
# user attributes you want to update.
|
9282
9517
|
# @return [String]
|
9283
9518
|
#
|
9284
9519
|
# @!attribute [rw] client_metadata
|
@@ -9381,6 +9616,7 @@ module Aws::CognitoIdentityProvider
|
|
9381
9616
|
# },
|
9382
9617
|
# prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
|
9383
9618
|
# enable_token_revocation: false,
|
9619
|
+
# enable_propagate_additional_user_context_data: false,
|
9384
9620
|
# }
|
9385
9621
|
#
|
9386
9622
|
# @!attribute [rw] user_pool_id
|
@@ -9397,23 +9633,53 @@ module Aws::CognitoIdentityProvider
|
|
9397
9633
|
# @return [String]
|
9398
9634
|
#
|
9399
9635
|
# @!attribute [rw] refresh_token_validity
|
9400
|
-
# The time limit
|
9401
|
-
#
|
9636
|
+
# The refresh token time limit. After this limit expires, your user
|
9637
|
+
# can't use their refresh token. To specify the time unit for
|
9638
|
+
# `RefreshTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
9639
|
+
# set a `TokenValidityUnits` value in your API request.
|
9640
|
+
#
|
9641
|
+
# For example, when you set `RefreshTokenValidity` as `10` and
|
9642
|
+
# `TokenValidityUnits` as `days`, your user can refresh their session
|
9643
|
+
# and retrieve new access and ID tokens for 10 days.
|
9644
|
+
#
|
9645
|
+
# The default time unit for `RefreshTokenValidity` in an API request
|
9646
|
+
# is days. You can't set `RefreshTokenValidity` to 0. If you do,
|
9647
|
+
# Amazon Cognito overrides the value with the default value of 30
|
9648
|
+
# days. *Valid range* is displayed below in seconds.
|
9402
9649
|
# @return [Integer]
|
9403
9650
|
#
|
9404
9651
|
# @!attribute [rw] access_token_validity
|
9405
|
-
# The time limit
|
9406
|
-
# can't
|
9652
|
+
# The access token time limit. After this limit expires, your user
|
9653
|
+
# can't use their access token. To specify the time unit for
|
9654
|
+
# `AccessTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
9655
|
+
# set a `TokenValidityUnits` value in your API request.
|
9656
|
+
#
|
9657
|
+
# For example, when you set `AccessTokenValidity` to `10` and
|
9658
|
+
# `TokenValidityUnits` to `hours`, your user can authorize access with
|
9659
|
+
# their access token for 10 hours.
|
9660
|
+
#
|
9661
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
9662
|
+
# hours. *Valid range* is displayed below in seconds.
|
9407
9663
|
# @return [Integer]
|
9408
9664
|
#
|
9409
9665
|
# @!attribute [rw] id_token_validity
|
9410
|
-
# The time limit
|
9411
|
-
#
|
9666
|
+
# The ID token time limit. After this limit expires, your user can't
|
9667
|
+
# use their ID token. To specify the time unit for `IdTokenValidity`
|
9668
|
+
# as `seconds`, `minutes`, `hours`, or `days`, set a
|
9669
|
+
# `TokenValidityUnits` value in your API request.
|
9670
|
+
#
|
9671
|
+
# For example, when you set `IdTokenValidity` as `10` and
|
9672
|
+
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
9673
|
+
# session with their ID token for 10 hours.
|
9674
|
+
#
|
9675
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
9676
|
+
# hours. *Valid range* is displayed below in seconds.
|
9412
9677
|
# @return [Integer]
|
9413
9678
|
#
|
9414
9679
|
# @!attribute [rw] token_validity_units
|
9415
|
-
# The units in which the validity times are represented.
|
9416
|
-
# RefreshToken is days, and default for ID and access
|
9680
|
+
# The units in which the validity times are represented. The default
|
9681
|
+
# unit for RefreshToken is days, and the default for ID and access
|
9682
|
+
# tokens is hours.
|
9417
9683
|
# @return [Types::TokenValidityUnitsType]
|
9418
9684
|
#
|
9419
9685
|
# @!attribute [rw] read_attributes
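Review bot: The new `id_token_validity` text closes with "The default time unit for `AccessTokenValidity` in an API request is hours", which names the wrong parameter and looks copied from the `access_token_validity` block just above it in this hunk. Replace `AccessTokenValidity` with `IdTokenValidity` on that line, so a reader setting token lifetimes can tell which default applies to ID tokens. The `refresh_token_validity` block names its own parameter correctly, so only this one line needs the change. The request class these attributes belong to starts and ends outside the hunk.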
|
@@ -9453,13 +9719,14 @@ module Aws::CognitoIdentityProvider
|
|
9453
9719
|
# @return [Array<String>]
|
9454
9720
|
#
|
9455
9721
|
# @!attribute [rw] supported_identity_providers
|
9456
|
-
# A list of provider names for the
|
9457
|
-
# supported
|
9722
|
+
# A list of provider names for the IdPs that this client supports. The
|
9723
|
+
# following are supported: `COGNITO`, `Facebook`, `Google`,
|
9724
|
+
# `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
|
9725
|
+
# and OIDC providers.
|
9458
9726
|
# @return [Array<String>]
|
9459
9727
|
#
|
9460
9728
|
# @!attribute [rw] callback_urls
|
9461
|
-
# A list of allowed redirect (callback) URLs for the
|
9462
|
-
# providers.
|
9729
|
+
# A list of allowed redirect (callback) URLs for the IdPs.
|
9463
9730
|
#
|
9464
9731
|
# A redirect URI must:
|
9465
9732
|
#
|
@@ -9482,7 +9749,7 @@ module Aws::CognitoIdentityProvider
|
|
9482
9749
|
# @return [Array<String>]
|
9483
9750
|
#
|
9484
9751
|
# @!attribute [rw] logout_urls
|
9485
|
-
# A list of allowed logout URLs for the
|
9752
|
+
# A list of allowed logout URLs for the IdPs.
|
9486
9753
|
# @return [Array<String>]
|
9487
9754
|
#
|
9488
9755
|
# @!attribute [rw] default_redirect_uri
|
@@ -9511,22 +9778,28 @@ module Aws::CognitoIdentityProvider
|
|
9511
9778
|
# @!attribute [rw] allowed_o_auth_flows
|
9512
9779
|
# The allowed OAuth flows.
|
9513
9780
|
#
|
9514
|
-
#
|
9515
|
-
# authorization code as the response. This code can be exchanged for
|
9516
|
-
# access tokens with the token endpoint.
|
9781
|
+
# code
|
9517
9782
|
#
|
9518
|
-
#
|
9519
|
-
#
|
9783
|
+
# : Use a code grant flow, which provides an authorization code as the
|
9784
|
+
# response. This code can be exchanged for access tokens with the
|
9785
|
+
# `/oauth2/token` endpoint.
|
9520
9786
|
#
|
9521
|
-
#
|
9522
|
-
#
|
9523
|
-
# the token
|
9787
|
+
# implicit
|
9788
|
+
#
|
9789
|
+
# : Issue the access token (and, optionally, ID token, based on
|
9790
|
+
# scopes) directly to your user.
|
9791
|
+
#
|
9792
|
+
# client\_credentials
|
9793
|
+
#
|
9794
|
+
# : Issue the access token from the `/oauth2/token` endpoint directly
|
9795
|
+
# to a non-person user using a combination of the client ID and
|
9796
|
+
# client secret.
|
9524
9797
|
# @return [Array<String>]
|
9525
9798
|
#
|
9526
9799
|
# @!attribute [rw] allowed_o_auth_scopes
|
9527
|
-
# The allowed OAuth scopes. Possible values provided by OAuth are
|
9800
|
+
# The allowed OAuth scopes. Possible values provided by OAuth are
|
9528
9801
|
# `phone`, `email`, `openid`, and `profile`. Possible values provided
|
9529
|
-
# by Amazon Web Services are
|
9802
|
+
# by Amazon Web Services are `aws.cognito.signin.user.admin`. Custom
|
9530
9803
|
# scopes created in Resource Servers are also supported.
|
9531
9804
|
# @return [Array<String>]
|
9532
9805
|
#
|
@@ -9536,8 +9809,8 @@ module Aws::CognitoIdentityProvider
|
|
9536
9809
|
# @return [Boolean]
|
9537
9810
|
#
|
9538
9811
|
# @!attribute [rw] analytics_configuration
|
9539
|
-
# The Amazon Pinpoint analytics configuration
|
9540
|
-
# for this user pool.
|
9812
|
+
# The Amazon Pinpoint analytics configuration necessary to collect
|
9813
|
+
# metrics for this user pool.
|
9541
9814
|
#
|
9542
9815
|
# <note markdown="1"> In Amazon Web Services Regions where Amazon Pinpoint isn't
|
9543
9816
|
# available, user pools only support sending events to Amazon Pinpoint
|
@@ -9576,6 +9849,20 @@ module Aws::CognitoIdentityProvider
|
|
9576
9849
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
9577
9850
|
# @return [Boolean]
|
9578
9851
|
#
|
9852
|
+
# @!attribute [rw] enable_propagate_additional_user_context_data
|
9853
|
+
# Activates the propagation of additional user context data. For more
|
9854
|
+
# information about propagation of user context data, see [ Adding
|
9855
|
+
# advanced security to a user pool][1]. If you don’t include this
|
9856
|
+
# parameter, you can't send device fingerprint information, including
|
9857
|
+
# source IP address, to Amazon Cognito advanced security. You can only
|
9858
|
+
# activate `EnablePropagateAdditionalUserContextData` in an app client
|
9859
|
+
# that has a client secret.
|
9860
|
+
#
|
9861
|
+
#
|
9862
|
+
#
|
9863
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
|
9864
|
+
# @return [Boolean]
|
9865
|
+
#
|
9579
9866
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClientRequest AWS API Documentation
|
9580
9867
|
#
|
9581
9868
|
class UpdateUserPoolClientRequest < Struct.new(
|
@@ -9598,7 +9885,8 @@ module Aws::CognitoIdentityProvider
|
|
9598
9885
|
:allowed_o_auth_flows_user_pool_client,
|
9599
9886
|
:analytics_configuration,
|
9600
9887
|
:prevent_user_existence_errors,
|
9601
|
-
:enable_token_revocation
|
9888
|
+
:enable_token_revocation,
|
9889
|
+
:enable_propagate_additional_user_context_data)
|
9602
9890
|
SENSITIVE = [:client_id]
|
9603
9891
|
include Aws::Structure
|
9604
9892
|
end
|
@@ -9729,6 +10017,9 @@ module Aws::CognitoIdentityProvider
|
|
9729
10017
|
# default_email_option: "CONFIRM_WITH_LINK", # accepts CONFIRM_WITH_LINK, CONFIRM_WITH_CODE
|
9730
10018
|
# },
|
9731
10019
|
# sms_authentication_message: "SmsVerificationMessageType",
|
10020
|
+
# user_attribute_update_settings: {
|
10021
|
+
# attributes_require_verification_before_update: ["phone_number"], # accepts phone_number, email
|
10022
|
+
# },
|
9732
10023
|
# mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
|
9733
10024
|
# device_configuration: {
|
9734
10025
|
# challenge_required_on_new_device: false,
|
@@ -9809,8 +10100,21 @@ module Aws::CognitoIdentityProvider
|
|
9809
10100
|
# The contents of the SMS authentication message.
|
9810
10101
|
# @return [String]
|
9811
10102
|
#
|
10103
|
+
# @!attribute [rw] user_attribute_update_settings
|
10104
|
+
# The settings for updates to user attributes. These settings include
|
10105
|
+
# the property `AttributesRequireVerificationBeforeUpdate`, a
|
10106
|
+
# user-pool setting that tells Amazon Cognito how to handle changes to
|
10107
|
+
# the value of your users' email address and phone number attributes.
|
10108
|
+
# For more information, see [ Verifying updates to email addresses and
|
10109
|
+
# phone numbers][1].
|
10110
|
+
#
|
10111
|
+
#
|
10112
|
+
#
|
10113
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
|
10114
|
+
# @return [Types::UserAttributeUpdateSettingsType]
|
10115
|
+
#
|
9812
10116
|
# @!attribute [rw] mfa_configuration
|
9813
|
-
#
|
10117
|
+
# Possible values include:
|
9814
10118
|
#
|
9815
10119
|
# * `OFF` - MFA tokens aren't required and can't be specified during
|
9816
10120
|
# user registration.
|
@@ -9829,7 +10133,14 @@ module Aws::CognitoIdentityProvider
|
|
9829
10133
|
# @return [String]
|
9830
10134
|
#
|
9831
10135
|
# @!attribute [rw] device_configuration
|
9832
|
-
#
|
10136
|
+
# The device-remembering configuration for a user pool. A null value
|
10137
|
+
# indicates that you have deactivated device remembering in your user
|
10138
|
+
# pool.
|
10139
|
+
#
|
10140
|
+
# <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
|
10141
|
+
# activate the Amazon Cognito device-remembering feature.
|
10142
|
+
#
|
10143
|
+
# </note>
|
9833
10144
|
# @return [Types::DeviceConfigurationType]
|
9834
10145
|
#
|
9835
10146
|
# @!attribute [rw] email_configuration
|
@@ -9886,6 +10197,7 @@ module Aws::CognitoIdentityProvider
|
|
9886
10197
|
:email_verification_subject,
|
9887
10198
|
:verification_message_template,
|
9888
10199
|
:sms_authentication_message,
|
10200
|
+
:user_attribute_update_settings,
|
9889
10201
|
:mfa_configuration,
|
9890
10202
|
:device_configuration,
|
9891
10203
|
:email_configuration,
|
@@ -9905,6 +10217,60 @@ module Aws::CognitoIdentityProvider
|
|
9905
10217
|
#
|
9906
10218
|
class UpdateUserPoolResponse < Aws::EmptyStructure; end
|
9907
10219
|
|
10220
|
+
# The settings for updates to user attributes. These settings include
|
10221
|
+
# the property `AttributesRequireVerificationBeforeUpdate`, a user-pool
|
10222
|
+
# setting that tells Amazon Cognito how to handle changes to the value
|
10223
|
+
# of your users' email address and phone number attributes. For more
|
10224
|
+
# information, see [ Verifying updates to email addresses and phone
|
10225
|
+
# numbers][1].
|
10226
|
+
#
|
10227
|
+
#
|
10228
|
+
#
|
10229
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
|
10230
|
+
#
|
10231
|
+
# @note When making an API call, you may pass UserAttributeUpdateSettingsType
|
10232
|
+
# data as a hash:
|
10233
|
+
#
|
10234
|
+
# {
|
10235
|
+
# attributes_require_verification_before_update: ["phone_number"], # accepts phone_number, email
|
10236
|
+
# }
|
10237
|
+
#
|
10238
|
+
# @!attribute [rw] attributes_require_verification_before_update
|
10239
|
+
# Requires that your user verifies their email address, phone number,
|
10240
|
+
# or both before Amazon Cognito updates the value of that attribute.
|
10241
|
+
# When you update a user attribute that has this option activated,
|
10242
|
+
# Amazon Cognito sends a verification message to the new phone number
|
10243
|
+
# or email address. Amazon Cognito doesn’t change the value of the
|
10244
|
+
# attribute until your user responds to the verification message and
|
10245
|
+
# confirms the new value.
|
10246
|
+
#
|
10247
|
+
# You can verify an updated email address or phone number with a
|
10248
|
+
# [VerifyUserAttribute][1] API request. You can also call the
|
10249
|
+
# [UpdateUserAttributes][2] or [AdminUpdateUserAttributes][3] API and
|
10250
|
+
# set `email_verified` or `phone_number_verified` to true.
|
10251
|
+
#
|
10252
|
+
# When `AttributesRequireVerificationBeforeUpdate` is false, your user
|
10253
|
+
# pool doesn't require that your users verify attribute changes
|
10254
|
+
# before Amazon Cognito updates them. In a user pool where
|
10255
|
+
# `AttributesRequireVerificationBeforeUpdate` is false, API operations
|
10256
|
+
# that change attribute values can immediately update a user’s `email`
|
10257
|
+
# or `phone_number` attribute.
|
10258
|
+
#
|
10259
|
+
#
|
10260
|
+
#
|
10261
|
+
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html
|
10262
|
+
# [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html
|
10263
|
+
# [3]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html
|
10264
|
+
# @return [Array<String>]
|
10265
|
+
#
|
10266
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserAttributeUpdateSettingsType AWS API Documentation
|
10267
|
+
#
|
10268
|
+
class UserAttributeUpdateSettingsType < Struct.new(
|
10269
|
+
:attributes_require_verification_before_update)
|
10270
|
+
SENSITIVE = []
|
10271
|
+
include Aws::Structure
|
10272
|
+
end
|
10273
|
+
|
9908
10274
|
# Contextual data, such as the user's device fingerprint, IP address,
|
9909
10275
|
# or location, used for evaluating the risk of an unexpected event by
|
9910
10276
|
# Amazon Cognito advanced security.
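Review bot: The doc for `attributes_require_verification_before_update` speaks of the setting being "false", but the member is declared `@return [Array<String>]` and the example passes `["phone_number"]`, so the text never says which request shape leaves verification off. I would phrase it in terms of the list, for example `# When an attribute is not listed here, API operations that change it update the value immediately.` The comment could also note that listing both `phone_number` and `email` is the conservative setting. That follows from the same doc block, which says an unlisted attribute is replaced without the user confirming the new value.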
|
@@ -9913,18 +10279,29 @@ module Aws::CognitoIdentityProvider
|
|
9913
10279
|
# data as a hash:
|
9914
10280
|
#
|
9915
10281
|
# {
|
10282
|
+
# ip_address: "StringType",
|
9916
10283
|
# encoded_data: "StringType",
|
9917
10284
|
# }
|
9918
10285
|
#
|
10286
|
+
# @!attribute [rw] ip_address
|
10287
|
+
# The source IP address of your user's device.
|
10288
|
+
# @return [String]
|
10289
|
+
#
|
9919
10290
|
# @!attribute [rw] encoded_data
|
9920
|
-
#
|
9921
|
-
#
|
9922
|
-
#
|
10291
|
+
# Encoded device-fingerprint details that your app collected with the
|
10292
|
+
# Amazon Cognito context data collection library. For more
|
10293
|
+
# information, see [Adding user device and session data to API
|
10294
|
+
# requests][1].
|
10295
|
+
#
|
10296
|
+
#
|
10297
|
+
#
|
10298
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
|
9923
10299
|
# @return [String]
|
9924
10300
|
#
|
9925
10301
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserContextDataType AWS API Documentation
|
9926
10302
|
#
|
9927
10303
|
class UserContextDataType < Struct.new(
|
10304
|
+
:ip_address,
|
9928
10305
|
:encoded_data)
|
9929
10306
|
SENSITIVE = []
|
9930
10307
|
include Aws::Structure
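Review bot: `SENSITIVE = []` on `UserContextDataType` stays empty although the struct now carries `ip_address` alongside `encoded_data`. If the SDK redacts only members named in that list when it logs or inspects request parameters, as `SENSITIVE = [:client_id]` on `UpdateUserPoolClientRequest` suggests, the user's source IP and device fingerprint would be written out in clear. I would list both, `SENSITIVE = [:ip_address, :encoded_data]`. If this file is generated from the service model, the members should be marked sensitive there instead. The class body continues past the end of the hunk.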
|
@@ -10174,24 +10551,52 @@ module Aws::CognitoIdentityProvider
|
|
10174
10551
|
# @return [Time]
|
10175
10552
|
#
|
10176
10553
|
# @!attribute [rw] refresh_token_validity
|
10177
|
-
# The time limit
|
10178
|
-
#
|
10554
|
+
# The refresh token time limit. After this limit expires, your user
|
10555
|
+
# can't use their refresh token. To specify the time unit for
|
10556
|
+
# `RefreshTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
10557
|
+
# set a `TokenValidityUnits` value in your API request.
|
10558
|
+
#
|
10559
|
+
# For example, when you set `RefreshTokenValidity` as `10` and
|
10560
|
+
# `TokenValidityUnits` as `days`, your user can refresh their session
|
10561
|
+
# and retrieve new access and ID tokens for 10 days.
|
10562
|
+
#
|
10563
|
+
# The default time unit for `RefreshTokenValidity` in an API request
|
10564
|
+
# is days. You can't set `RefreshTokenValidity` to 0. If you do,
|
10565
|
+
# Amazon Cognito overrides the value with the default value of 30
|
10566
|
+
# days. *Valid range* is displayed below in seconds.
|
10179
10567
|
# @return [Integer]
|
10180
10568
|
#
|
10181
10569
|
# @!attribute [rw] access_token_validity
|
10182
|
-
# The time limit
|
10183
|
-
#
|
10184
|
-
#
|
10570
|
+
# The access token time limit. After this limit expires, your user
|
10571
|
+
# can't use their access token. To specify the time unit for
|
10572
|
+
# `AccessTokenValidity` as `seconds`, `minutes`, `hours`, or `days`,
|
10573
|
+
# set a `TokenValidityUnits` value in your API request.
|
10574
|
+
#
|
10575
|
+
# For example, when you set `AccessTokenValidity` to `10` and
|
10576
|
+
# `TokenValidityUnits` to `hours`, your user can authorize access with
|
10577
|
+
# their access token for 10 hours.
|
10578
|
+
#
|
10579
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
10580
|
+
# hours. *Valid range* is displayed below in seconds.
|
10185
10581
|
# @return [Integer]
|
10186
10582
|
#
|
10187
10583
|
# @!attribute [rw] id_token_validity
|
10188
|
-
# The time limit
|
10189
|
-
#
|
10584
|
+
# The ID token time limit. After this limit expires, your user can't
|
10585
|
+
# use their ID token. To specify the time unit for `IdTokenValidity`
|
10586
|
+
# as `seconds`, `minutes`, `hours`, or `days`, set a
|
10587
|
+
# `TokenValidityUnits` value in your API request.
|
10588
|
+
#
|
10589
|
+
# For example, when you set `IdTokenValidity` as `10` and
|
10590
|
+
# `TokenValidityUnits` as `hours`, your user can authenticate their
|
10591
|
+
# session with their ID token for 10 hours.
|
10592
|
+
#
|
10593
|
+
# The default time unit for `AccessTokenValidity` in an API request is
|
10594
|
+
# hours. *Valid range* is displayed below in seconds.
|
10190
10595
|
# @return [Integer]
|
10191
10596
|
#
|
10192
10597
|
# @!attribute [rw] token_validity_units
|
10193
|
-
# The time units used to specify the token validity times of
|
10194
|
-
#
|
10598
|
+
# The time units used to specify the token validity times of each
|
10599
|
+
# token type: ID, access, and refresh.
|
10195
10600
|
# @return [Types::TokenValidityUnitsType]
|
10196
10601
|
#
|
10197
10602
|
# @!attribute [rw] read_attributes
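Review bot: The last paragraph added under `id_token_validity` names the wrong parameter: it gives the default time unit for `AccessTokenValidity`, repeating the sentence from the `access_token_validity` paragraph above it. It should read `# The default time unit for IdTokenValidity in an API request is`. All three paragraphs also refer to a "Valid range" that is "displayed below" but does not appear in these comments, and only the refresh-token text gives a default value (30 days). Because a bare number means days for refresh tokens but hours for access and ID tokens, I would state the range and default next to each attribute. The enclosing class starts and ends outside the hunk.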
|
@@ -10231,13 +10636,14 @@ module Aws::CognitoIdentityProvider
|
|
10231
10636
|
# @return [Array<String>]
|
10232
10637
|
#
|
10233
10638
|
# @!attribute [rw] supported_identity_providers
|
10234
|
-
# A list of provider names for the
|
10235
|
-
# supported
|
10639
|
+
# A list of provider names for the IdPs that this client supports. The
|
10640
|
+
# following are supported: `COGNITO`, `Facebook`, `Google`,
|
10641
|
+
# `SignInWithApple`, `LoginWithAmazon`, and the names of your own SAML
|
10642
|
+
# and OIDC providers.
|
10236
10643
|
# @return [Array<String>]
|
10237
10644
|
#
|
10238
10645
|
# @!attribute [rw] callback_urls
|
10239
|
-
# A list of allowed redirect (callback) URLs for the
|
10240
|
-
# providers.
|
10646
|
+
# A list of allowed redirect (callback) URLs for the IdPs.
|
10241
10647
|
#
|
10242
10648
|
# A redirect URI must:
|
10243
10649
|
#
|
@@ -10260,7 +10666,7 @@ module Aws::CognitoIdentityProvider
|
|
10260
10666
|
# @return [Array<String>]
|
10261
10667
|
#
|
10262
10668
|
# @!attribute [rw] logout_urls
|
10263
|
-
# A list of allowed logout URLs for the
|
10669
|
+
# A list of allowed logout URLs for the IdPs.
|
10264
10670
|
# @return [Array<String>]
|
10265
10671
|
#
|
10266
10672
|
# @!attribute [rw] default_redirect_uri
|
@@ -10289,23 +10695,30 @@ module Aws::CognitoIdentityProvider
|
|
10289
10695
|
# @!attribute [rw] allowed_o_auth_flows
|
10290
10696
|
# The allowed OAuth flows.
|
10291
10697
|
#
|
10292
|
-
#
|
10293
|
-
#
|
10294
|
-
#
|
10698
|
+
# code
|
10699
|
+
#
|
10700
|
+
# : Use a code grant flow, which provides an authorization code as the
|
10701
|
+
# response. This code can be exchanged for access tokens with the
|
10702
|
+
# `/oauth2/token` endpoint.
|
10703
|
+
#
|
10704
|
+
# implicit
|
10295
10705
|
#
|
10296
|
-
#
|
10297
|
-
#
|
10706
|
+
# : Issue the access token (and, optionally, ID token, based on
|
10707
|
+
# scopes) directly to your user.
|
10298
10708
|
#
|
10299
|
-
#
|
10300
|
-
#
|
10301
|
-
#
|
10709
|
+
# client\_credentials
|
10710
|
+
#
|
10711
|
+
# : Issue the access token from the `/oauth2/token` endpoint directly
|
10712
|
+
# to a non-person user using a combination of the client ID and
|
10713
|
+
# client secret.
|
10302
10714
|
# @return [Array<String>]
|
10303
10715
|
#
|
10304
10716
|
# @!attribute [rw] allowed_o_auth_scopes
|
10305
|
-
# The
|
10306
|
-
# `phone`, `email`, `openid`, and `profile`.
|
10307
|
-
#
|
10308
|
-
#
|
10717
|
+
# The OAuth scopes that your app client supports. Possible values that
|
10718
|
+
# OAuth provides are `phone`, `email`, `openid`, and `profile`.
|
10719
|
+
# Possible values that Amazon Web Services provides are
|
10720
|
+
# `aws.cognito.signin.user.admin`. Amazon Cognito also supports custom
|
10721
|
+
# scopes that you create in Resource Servers.
|
10309
10722
|
# @return [Array<String>]
|
10310
10723
|
#
|
10311
10724
|
# @!attribute [rw] allowed_o_auth_flows_user_pool_client
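Review bot: The new `implicit` entry under `allowed_o_auth_flows` says tokens are issued "directly to your user" but omits the caveat a reader choosing a flow needs. Unlike `code`, it involves no exchange at `/oauth2/token`; in standard OAuth 2.0 the tokens are then returned through the browser redirect to one of the `callback_urls`. I would add a line such as `# Prefer code unless the client cannot call the token endpoint.` to that entry. This is a documentation suggestion only; the enclosing class starts and ends outside the hunk.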
|
@@ -10339,8 +10752,8 @@ module Aws::CognitoIdentityProvider
|
|
10339
10752
|
#
|
10340
10753
|
# * `ENABLED` - This prevents user existence-related errors.
|
10341
10754
|
#
|
10342
|
-
# * `LEGACY` - This represents the old behavior of Cognito
|
10343
|
-
# existence related errors aren't prevented.
|
10755
|
+
# * `LEGACY` - This represents the old behavior of Amazon Cognito
|
10756
|
+
# where user existence related errors aren't prevented.
|
10344
10757
|
# @return [String]
|
10345
10758
|
#
|
10346
10759
|
# @!attribute [rw] enable_token_revocation
|
@@ -10354,6 +10767,33 @@ module Aws::CognitoIdentityProvider
|
|
10354
10767
|
# [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
|
10355
10768
|
# @return [Boolean]
|
10356
10769
|
#
|
10770
|
+
# @!attribute [rw] enable_propagate_additional_user_context_data
|
10771
|
+
# When `EnablePropagateAdditionalUserContextData` is true, Amazon
|
10772
|
+
# Cognito accepts an `IpAddress` value that you send in the
|
10773
|
+
# `UserContextData` parameter. The `UserContextData` parameter sends
|
10774
|
+
# information to Amazon Cognito advanced security for risk analysis.
|
10775
|
+
# You can send `UserContextData` when you sign in Amazon Cognito
|
10776
|
+
# native users with the `InitiateAuth` and `RespondToAuthChallenge`
|
10777
|
+
# API operations.
|
10778
|
+
#
|
10779
|
+
# When `EnablePropagateAdditionalUserContextData` is false, you can't
|
10780
|
+
# send your user's source IP address to Amazon Cognito advanced
|
10781
|
+
# security with unauthenticated API operations.
|
10782
|
+
# `EnablePropagateAdditionalUserContextData` doesn't affect whether
|
10783
|
+
# you can send a source IP address in a `ContextData` parameter with
|
10784
|
+
# the authenticated API operations `AdminInitiateAuth` and
|
10785
|
+
# `AdminRespondToAuthChallenge`.
|
10786
|
+
#
|
10787
|
+
# You can only activate `EnablePropagateAdditionalUserContextData` in
|
10788
|
+
# an app client that has a client secret. For more information about
|
10789
|
+
# propagation of user context data, see [Adding user device and
|
10790
|
+
# session data to API requests][1].
|
10791
|
+
#
|
10792
|
+
#
|
10793
|
+
#
|
10794
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
|
10795
|
+
# @return [Boolean]
|
10796
|
+
#
|
10357
10797
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UserPoolClientType AWS API Documentation
|
10358
10798
|
#
|
10359
10799
|
class UserPoolClientType < Struct.new(
|
@@ -10379,7 +10819,8 @@ module Aws::CognitoIdentityProvider
|
|
10379
10819
|
:allowed_o_auth_flows_user_pool_client,
|
10380
10820
|
:analytics_configuration,
|
10381
10821
|
:prevent_user_existence_errors,
|
10382
|
-
:enable_token_revocation
|
10822
|
+
:enable_token_revocation,
|
10823
|
+
:enable_propagate_additional_user_context_data)
|
10383
10824
|
SENSITIVE = [:client_id, :client_secret]
|
10384
10825
|
include Aws::Structure
|
10385
10826
|
end
|
@@ -10532,6 +10973,19 @@ module Aws::CognitoIdentityProvider
|
|
10532
10973
|
# The contents of the SMS authentication message.
|
10533
10974
|
# @return [String]
|
10534
10975
|
#
|
10976
|
+
# @!attribute [rw] user_attribute_update_settings
|
10977
|
+
# The settings for updates to user attributes. These settings include
|
10978
|
+
# the property `AttributesRequireVerificationBeforeUpdate`, a
|
10979
|
+
# user-pool setting that tells Amazon Cognito how to handle changes to
|
10980
|
+
# the value of your users' email address and phone number attributes.
|
10981
|
+
# For more information, see [ Verifying updates to email addresses and
|
10982
|
+
# phone numbers][1].
|
10983
|
+
#
|
10984
|
+
#
|
10985
|
+
#
|
10986
|
+
# [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates
|
10987
|
+
# @return [Types::UserAttributeUpdateSettingsType]
|
10988
|
+
#
|
10535
10989
|
# @!attribute [rw] mfa_configuration
|
10536
10990
|
# Can be one of the following values:
|
10537
10991
|
#
|
@@ -10546,7 +11000,14 @@ module Aws::CognitoIdentityProvider
|
|
10546
11000
|
# @return [String]
|
10547
11001
|
#
|
10548
11002
|
# @!attribute [rw] device_configuration
|
10549
|
-
# The device configuration.
|
11003
|
+
# The device-remembering configuration for a user pool. A null value
|
11004
|
+
# indicates that you have deactivated device remembering in your user
|
11005
|
+
# pool.
|
11006
|
+
#
|
11007
|
+
# <note markdown="1"> When you provide a value for any `DeviceConfiguration` field, you
|
11008
|
+
# activate the Amazon Cognito device-remembering feature.
|
11009
|
+
#
|
11010
|
+
# </note>
|
10550
11011
|
# @return [Types::DeviceConfigurationType]
|
10551
11012
|
#
|
10552
11013
|
# @!attribute [rw] estimated_number_of_users
|
@@ -10681,6 +11142,7 @@ module Aws::CognitoIdentityProvider
|
|
10681
11142
|
:email_verification_subject,
|
10682
11143
|
:verification_message_template,
|
10683
11144
|
:sms_authentication_message,
|
11145
|
+
:user_attribute_update_settings,
|
10684
11146
|
:mfa_configuration,
|
10685
11147
|
:device_configuration,
|
10686
11148
|
:estimated_number_of_users,
|
@@ -10700,7 +11162,7 @@ module Aws::CognitoIdentityProvider
|
|
10700
11162
|
include Aws::Structure
|
10701
11163
|
end
|
10702
11164
|
|
10703
|
-
#
|
11165
|
+
# A user profile in a Amazon Cognito user pool.
|
10704
11166
|
#
|
10705
11167
|
# @!attribute [rw] username
|
10706
11168
|
# The user name of the user you want to describe.
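Review bot: The added class summary reads "A user profile in a Amazon Cognito user pool"; the article should be "an", i.e. `# A user profile in an Amazon Cognito user pool.`. The `username` description under it ("the user you want to describe") reads like request-parameter wording rather than a field of a returned profile, though that line is unchanged context here.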
|
@@ -10729,6 +11191,8 @@ module Aws::CognitoIdentityProvider
|
|
10729
11191
|
#
|
10730
11192
|
# * CONFIRMED - User has been confirmed.
|
10731
11193
|
#
|
11194
|
+
# * EXTERNAL\_PROVIDER - User signed in with a third-party IdP.
|
11195
|
+
#
|
10732
11196
|
# * ARCHIVED - User is no longer active.
|
10733
11197
|
#
|
10734
11198
|
# * UNKNOWN - User status isn't known.
|
@@ -10770,7 +11234,7 @@ module Aws::CognitoIdentityProvider
|
|
10770
11234
|
# }
|
10771
11235
|
#
|
10772
11236
|
# @!attribute [rw] case_sensitive
|
10773
|
-
# Specifies whether
|
11237
|
+
# Specifies whether user name case sensitivity will be applied for all
|
10774
11238
|
# users in the user pool through Amazon Cognito APIs.
|
10775
11239
|
#
|
10776
11240
|
# Valid values include:
|
@@ -10830,12 +11294,16 @@ module Aws::CognitoIdentityProvider
|
|
10830
11294
|
# }
|
10831
11295
|
#
|
10832
11296
|
# @!attribute [rw] sms_message
|
10833
|
-
# The SMS
|
11297
|
+
# The template for SMS messages that Amazon Cognito sends to your
|
11298
|
+
# users.
|
10834
11299
|
# @return [String]
|
10835
11300
|
#
|
10836
11301
|
# @!attribute [rw] email_message
|
10837
|
-
# The email
|
10838
|
-
#
|
11302
|
+
# The template for email messages that Amazon Cognito sends to your
|
11303
|
+
# users. You can set an `EmailMessage` template only if the value of [
|
11304
|
+
# EmailSendingAccount][1] is `DEVELOPER`. When your
|
11305
|
+
# [EmailSendingAccount][1] is `DEVELOPER`, your user pool sends email
|
11306
|
+
# messages with your own Amazon SES configuration.
|
10839
11307
|
#
|
10840
11308
|
#
|
10841
11309
|
#
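Review bot: The link text `[ EmailSendingAccount][1]` in the new `email_message` comment has a stray space after the opening bracket, while the second reference in the same sentence is written `[EmailSendingAccount][1]`. The same slip is in the `email_subject`, `email_message_by_link` and `email_subject_by_link` hunks that follow. Writing both occurrences as `[EmailSendingAccount][1]` keeps the rendered link text consistent.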
|
@@ -10843,8 +11311,11 @@ module Aws::CognitoIdentityProvider
|
|
10843
11311
|
# @return [String]
|
10844
11312
|
#
|
10845
11313
|
# @!attribute [rw] email_subject
|
10846
|
-
# The subject line for the email message template.
|
10847
|
-
#
|
11314
|
+
# The subject line for the email message template. You can set an
|
11315
|
+
# `EmailSubject` template only if the value of [
|
11316
|
+
# EmailSendingAccount][1] is `DEVELOPER`. When your
|
11317
|
+
# [EmailSendingAccount][1] is `DEVELOPER`, your user pool sends email
|
11318
|
+
# messages with your own Amazon SES configuration.
|
10848
11319
|
#
|
10849
11320
|
#
|
10850
11321
|
#
|
@@ -10853,8 +11324,10 @@ module Aws::CognitoIdentityProvider
|
|
10853
11324
|
#
|
10854
11325
|
# @!attribute [rw] email_message_by_link
|
10855
11326
|
# The email message template for sending a confirmation link to the
|
10856
|
-
# user. EmailMessageByLink
|
10857
|
-
# EmailSendingAccount][1] is DEVELOPER
|
11327
|
+
# user. You can set an `EmailMessageByLink` template only if the value
|
11328
|
+
# of [ EmailSendingAccount][1] is `DEVELOPER`. When your
|
11329
|
+
# [EmailSendingAccount][1] is `DEVELOPER`, your user pool sends email
|
11330
|
+
# messages with your own Amazon SES configuration.
|
10858
11331
|
#
|
10859
11332
|
#
|
10860
11333
|
#
|
@@ -10863,8 +11336,11 @@ module Aws::CognitoIdentityProvider
|
|
10863
11336
|
#
|
10864
11337
|
# @!attribute [rw] email_subject_by_link
|
10865
11338
|
# The subject line for the email message template for sending a
|
10866
|
-
# confirmation link to the user.
|
10867
|
-
# EmailSendingAccount][1] is
|
11339
|
+
# confirmation link to the user. You can set an `EmailSubjectByLink`
|
11340
|
+
# template only if the value of [ EmailSendingAccount][1] is
|
11341
|
+
# `DEVELOPER`. When your [EmailSendingAccount][1] is `DEVELOPER`, your
|
11342
|
+
# user pool sends email messages with your own Amazon SES
|
11343
|
+
# configuration.
|
10868
11344
|
#
|
10869
11345
|
#
|
10870
11346
|
#
|
@@ -10899,7 +11375,8 @@ module Aws::CognitoIdentityProvider
|
|
10899
11375
|
# }
|
10900
11376
|
#
|
10901
11377
|
# @!attribute [rw] access_token
|
10902
|
-
#
|
11378
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
11379
|
+
# software token you want to verify.
|
10903
11380
|
# @return [String]
|
10904
11381
|
#
|
10905
11382
|
# @!attribute [rw] session
|
@@ -10961,7 +11438,8 @@ module Aws::CognitoIdentityProvider
|
|
10961
11438
|
# }
|
10962
11439
|
#
|
10963
11440
|
# @!attribute [rw] access_token
|
10964
|
-
#
|
11441
|
+
# A valid access token that Amazon Cognito issued to the user whose
|
11442
|
+
# user attributes you want to verify.
|
10965
11443
|
# @return [String]
|
10966
11444
|
#
|
10967
11445
|
# @!attribute [rw] attribute_name
|